Senior Information Security Analyst

At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.
phia is seeking a Senior Information Security Analyst to support Information Security Continuous Monitoring and Authorization activities for a Federal cybersecurity program. In this position, you will play an integral role in supporting the delivery and operation of advanced cyber capabilities vital to our national security interests. This role is expected to be hybrid with onsite reporting required in Arlington, VA; frequency to be determined. Although this role is contingent upon a contract award, we are engaging with exceptional candidates now. 

What You'll Do

• Support Information Security Continuous Monitoring activities including vulnerability analysis and management, POA&M development and management, and security impact analysis for change requests and capability evolution.
• Provide security control analysis and documentation in support of Risk Management Framework (RMF) and Federal Information Security Management Act (FISMA) guidance and reporting requirements.
• Monitor the evolving RMF guidance and adapt processes and procedures as necessary.
• Support the development of Risk Assessment Reports (RAR), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&Ms).
• Update and maintain Authority to Operate (ATO) packages, compliance documents, and security authorization records to meet regulatory standards. 
• Support technical documentation development and maintenance efforts, including program policies and controls, Standard Operating Procedures (SOPs), security artifact templates, and other security-related technical documentation.  

Education + Requirements

• Bachelor’s degree with 7 years’ relevant IT/Cybersecurity experience; or 11 years’ relevant experience.
• Expertise in security compliance and risk management frameworks (e.g., NIST 800-53A, FISMA), including conducting assessments and developing risk analysis and mitigation strategies. 
• Proficient in vulnerability scanning, configuration, and patch management, with experience addressing complex system vulnerabilities. 
• Skilled in creating and maintaining security authorization documentation, ATO packages, and compliance records, with the ability to effectively present technical findings and mitigation plans to diverse audiences. 
• Experienced in coordinating across teams (e.g., Privacy, Information Governance), supporting audits, and delivering risk briefings. 
• Adept at communicating security requirements within development cycles and aligning with stakeholder expectations. 

Preferred Experience and Knowledge

• Familiarity and working experience with machine learning security operations (MLSecOps) or security development operations DevSecOps methodology.
• Familiarity with Scaled Agile Framework (SAFe) and its application to capability/system development, testing, authorization, and sustainment.

Security Clearance

• Active Secret clearance is required
• DHS Suitability (EOD)

Desired Certifications (one or more)

• Certified Information Systems Security Professional (CISSP)
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Risk and Information Systems Control (CRISC)
• Certified Authorization Professional (CAP)
• CompTIA Advanced Security Practitioner (CASP+)
• Global Information Assurance Certifications (GIAC) (e.g., GISF, GSLC, GSEC)
• AWS Certified Security - Specialty
• Certified Cloud Security Professional (CCSP) 

#LI-LC1
Who You Are A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.Intellectually curious with a genuine desire to learn and advance your career.An effective communicator, both verbally and in writing.Customer service-oriented and mission-focused.Critical thinker with excellent problem-solving skills If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.
Who We Arephia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.phia values work-life balance and offers the following benefits to full-time employees: Comprehensive medical insurance to include dental and visionShort Term & Long-Term Disability 401k Retirement Savings Plan with Company MatchTuition and Professional Development Assistance Flex Spending Accounts (FSA)
phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.
Please be aware job applicants have rights under federal employment laws. You can find more information about The Family Medical Leave Act (FMLA), Know Your Rights (EEO), and Employee Polygraph Protection Act (EPPA) on The U.S. Department of Labor (DOL)’s website HERE. Frequently Asked Questions - United States Department of Labor