Senior System Security Analyst - Remote

Responsibilities

Senior System Security Analyst

Peraton is seeking a Senior System Security Analyst with Agile software development and maintenance experience for a team supporting the Federal Aviation Administration. Prior FAA experience is highly desirable.  Direct collaboration with FAA customers is expected.

 

Duties and Responsibilities:       

• Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs.
• Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks.
• Ensure compliance with federal regulations, industry standards, and organizational security policies.
• Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages.
• Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings.
• Monitor security logs, alerts, and events using SIEM tools (e.g., Splunk, ArcSight, etc.) to detect, investigate, and mitigate cyber threats.
• Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments.
• Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills.
• Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions.
• Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls.
• Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP).
• Develop and maintain security documentation, policies, and procedures for system accreditation.
• Conduct security awareness training for employees and stakeholders.
• Support audit and certification processes, working with internal and external security assessors.
• Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices.
• Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption.
• Conduct security reviews for third-party applications and vendors to mitigate supply chain risks.
• Assessing risk impact and security control effectiveness in real-world scenarios.
• Making data-driven decisions to improve security posture while balancing operational requirements.
• Ability to analyze security threats, correlate logs, and identify vulnerabilities in systems and networks.
• Troubleshooting security issues across multi-layered architectures.
• Working with cross-functional teams, executives, and auditors to implement security best practices.
• Training employees on security awareness and compliance programs.
• Staying updated with emerging threats, security technologies, and regulatory changes.
• Quickly adapt security strategies to evolving IT environments and threats.
• Writing security reports, compliance documentation (SSPs, POA&Ms), and security policies.
• Communicating security risks effectively to both technical and non-technical stakeholders
• Perform analysis activities and apply theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Use advanced analysis, facilitation and consultative techniques and tools and the ability to apply them in multiple settings of significant complexity.
• Automating security control enforcement using Ansible, Terraform, or cloud-native security tools.

Qualifications

Basic Qualifications:

• Bachelor’s degree in computer science, Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology or other IT degree, Engineering, Math and/or science and 5 years’ relevant experience, Master's degree and 4 years’ relevant experience; or high school diploma/equivalent and 10 years relevant experience
• US. Citizenship required; must be able to obtain a Public Trust clearance prior to start
• 2 years’ experience writing scripts in Python, PowerShell, or Bash for security automation and log analysis and/or using Ansible, Terraform, or cloud-native security tools.
• 4 years’ experience assessing, developing, and implementing security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs.
• 4 years’ writing security reports, compliance documentation (SSPs, POA&Ms), and security policies.

Preferred Qualifications:

• Experience supporting FAA systems
• Bachelor’s degree in computer science, Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology or other IT degree, Engineering, Math and/or science and 6 years’ relevant experience, Master's degree and 4 years’ relevant experience; or high school diploma/equivalent and 10 years relevant experience
• Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), Security+, Information Technology (IT) certification, or equivalent certification. (Required within 12 months of hire.)
• Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls.
• IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC).
• Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis.
• Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar.
• Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security solutions.
• Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP tools.
• Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools.
• Experience securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$80,000 - $128,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.