Senior Cybersecurity Analyst

ITility is seeking a Senior Cybersecurity Analyst to support enterprise IT and cybersecurity initiatives within a Department of Defense (DoD) environment. This role is responsible for ensuring the security, compliance, and authorization of mission-critical systems.

The ideal candidate brings deep expertise in the Risk Management Framework (RMF), DoD cybersecurity compliance, and cloud security, with a proven ability to obtain and sustain Authorizations to Operate (ATOs) while strengthening overall security posture.

Key Responsibilities:

RMF & Authorization Management:

• Lead system assessments and determine appropriate accreditation pathways (ATO, IATT, Assess Only)
• Develop and maintain System Security Plans (SSPs), Security Requirements Traceability Matrices (SRTMs), and POA&Ms
• Manage and submit ATO packages within DoD eMASS in accordance with RMF (DoDI 8510.01, NIST SP 800-37)
• Evaluate and validate security controls per NIST SP 800-53 / 800-53A

Security Compliance & STIG Implementation:

• Perform DISA STIG and SRG assessments, including Application Security and Development (ASD) STIG
• Ensure proper system categorization in accordance with NIST SP 800-60 Vol II and CNSSI 1253
• Maintain compliance with DoD cybersecurity policies and standards

Continuous Monitoring & Risk Management:

• Execute continuous monitoring activities aligned with NIST SP 800-137
• Identify vulnerabilities, assess risk, and recommend mitigation strategies
• Track and remediate findings to maintain ATO compliance and reduce cybersecurity risk

Cloud & Application Security:

• Support the security of cloud-based systems and applications (AWS, Azure, GCP)
• Apply secure software development principles and best practices
• Assess and mitigate evolving threats across cloud and hybrid environments

Required Qualifications:

• U.S. Citizenship required; ability to obtain and maintain a DoD Secret clearance.
• CISSP or DoD 8570 IAM Level II certification (or ability to obtain within 3 months)
• CompTIA Security+ CE or equivalent (DoD 8570/8140 IAT II)
• Minimum of 8 years of RMF experience within a DoD environment
• Minimum of 5 years of working knowledge of DISA STIGs, RMF, NIST 800-53, federal cloud compliance frameworks and performing STIG assessments
• Minimum of 5 years securing or assessing cloud-based systems
• Hands-on experience with DoD eMASS and ATO package submission

Preferred Qualifications

• Experience supporting secure cloud environments (e.g., AWS GovCloud, Azure Government)
• Prior experience as an Application Developer or Systems Administrator
• Familiarity with DevSecOps and secure CI/CD pipelines
• Experience supporting large-scale, enterprise IT programs
• Active Secret Clearance preferred.

Work Environment

• Required to dress appropriately for the job environment, including adherence to safety, security, and site-specific dress standards
• Ability to sit or stand for extended periods while performing computer-based tasks
• Requires sustained use of hands and fingers for keyboarding, writing, and operation of standard office equipment, as well as frequent verbal communication, active listening, and visual acuity to perform job responsibilities effectively
• Occasional movement around the office, including climbing stairs
• Ability to travel up to 15%, which may include occasional visits to client sites or government installations

Why ITility

ITility is a Service-Disabled Veteran-Owned Small Business (SDVOSB) delivering enterprise IT and cybersecurity solutions across the Department of Defense. We focus on enabling secure, scalable, and mission-aligned capabilities that support national security objectives.

Our culture is grounded in:

• Performance – Delivering results that matter
• Purpose – Supporting national defense and public service
• People – Empowering teams to innovate and lead

ITility is an Equal Opportunity Employer

*ITility is committed to providing a work environment that is non-discriminatory, harassment free, fair, ethical and inclusive. ITility is committed to the principle of equal employment opportunity and complies with all applicable laws which prohibit discrimination and harassment in the workplace. ITility strictly prohibits discrimination or harassment based on race, color, religion, national origin, sex, sexual orientation, gender identity, protected veteran status, disability, or any other characteristic protected by law in all terms, conditions and privileges of employment, including without limitation, recruiting, hiring, assignment, compensation, promotion, discipline and termination. This policy covers conduct occurring at ITility’s offices, client sites, other locations where ITility is providing services, and to all work-related activities.*