Job Details

ITCON Services is seeking an experienced and highly skilled Information Security Analyst / ISSO to support multiple federal information systems in a fast-paced, mission-driven environment. The ideal candidate is a proactive security leader with deep knowledge of federal cybersecurity standards, vulnerability management, cloud security, and the Risk Management Framework (RMF). This role partners closely with engineering, development, and customer teams and supporting solution design across multiple programs.

t ITCON, we offer competitive compensation, paid training and development opportunities, healthcare benefits that start on your first day, commuter benefits, work-life balance, and the opportunity to work alongside an amazing and growing team.

pplicant must be a permanent resident or citizen of the United States and clearable for Public Trust clearance with the U.S Government.

Key Responsibilities
Vulnerability Management & Security Operations

• Lead vulnerability scanning, analysis, and risk triage across multiple systems and environments.
• Interpret scan results and recommend prioritized remediation plans.
• Collaborate with development and engineering teams to ensure timely remediation and patching.
• Track and manage Plans of Action & Milestones (POA&Ms), ensuring risk mitigation is completed within required timeframes.

• Develop and maintain full ATO packages and security documentation (e.g., SSPs, SARs, CMPs, Contingency Plans).
• Lead Certification & Accreditation (C&A) activities using NIST 800-53 and other federal security frameworks.
• Ensure compliance in FedRAMP, Azure, AWS, PCI DSS, and multi-tenant cloud environments.
• Conduct ongoing system monitoring, continuous diagnostics, and reporting for federal stakeholders.

• Design, recommend, and validate integrated security solutions to protect sensitive and proprietary data.
• Design and implement security controls including firewalls, Web Application Firewalls (WAFs), and SIEM tooling
• Provide technical security engineering services, including secure configuration, hardening, and architecture review.
• Translate business and security requirements into actionable technical designs during strategic planning.

• pply modern cloud security concepts, including identity, access, governance, logging, and workload protection.
• Knowledge of edge security platforms such as Akamai or Azure Front Door
• Partner with DevSecOps and engineering teams to integrate security controls into CI/CD pipelines.
• ssess cloud posture, drive remediation, and communicate overall system risk.

• Serve as a security advisor to technical teams and federal clients.
• Contribute to the development of internal security best practices.
• Support proposal development by providing technical security content and solution input.

• 6 + years of experience supporting regulatory, audit, or compliance programs for secure cloud or federal systems.
• 4 -6 years hands-on experience as an Information Security Analyst or ISSO for major enterprise or federal systems.
• Strong understanding of NIST 800-series, FISMA, RMF, continuous monitoring, and federal security controls.
• Demonstrated experience in:
  • Vulnerability scanning and interpretation
  • Managing ATO/C&A activities
  • Selecting and implementing security controls
  • Cloud security engineering (Azure, AWS, GovCloud, FedRAMP)
  • Monitoring and managing multi-organization compliance
  • Communicating complex security concepts in business-friendly language
  • Experience with DevSecOps processes and secure SDLC practices.
• Bachelor's degree in STEM (Science, Technology, Engineering, Mathematics).
• U.S. Citizen or Permanent Resident; eligible for Public Trust clearance.

• 7+ years of experience in security operations, incident investigation, and network security monitoring.
• Experience developing system/application certification and accreditation documentation.
• Experience working in Agile / SAFe environments and supporting testing activities.
• Experience conducting risk assessments, threat identification, security categorization, gap analysis, and compliance reporting.
• ctive certifications preferred:
  • CISSP (Certified Information Systems Security Professional)
  • CAP (Certified Authorization Professional)
  • Other relevant certifications (Security+, CISM, CCSP) a plus.