MANTECH seeks a motivated, career and customer-oriented Cyber Security Analyst to join our team in Virginia Beach, VA. This is an onsite position.
This position plays a vital role in protecting critical systems by supporting RMF execution, driving compliance initiatives, and helping shape cybersecurity strategy that aligns with Department of Defense and Navy directives.
Responsibilities Include But Are Not Limited To
- Prepare for Lead Risk Management Framework (RMF) execution by analyzing mission needs, defining system boundaries, and creating network diagrams and data flows to support accurate control selection and secure system design.
- Guide control selection and tailoring through stakeholder workshops, documenting decisions in Enterprise Mission Assurance Support Service (eMASS) and aligning cybersecurity plans with risk tolerance and mission priorities.
- Apply and test security controls using Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs), Security Requirements Guides (SRGs), Assured Compliance Assessment Solution (ACAS)/Nessus scans, and NIST 800-53A to ensure compliance and technical soundness.
- Conduct end-to-end testing on assets affecting system confidentiality, integrity, and availability, while documenting configurations, access controls, and compliance results in eMASS.
- Evaluate control effectiveness through testing, documentation review, and staff interviews, identifying issues and root causes, and mapping all findings to POA&M actions.
- Maintain full accreditation packages in eMASS, including all required documentation and diagrams, while managing Plan of Actions & Milestones (POA&M) entries with detailed risk analysis.
- Execute continuous monitoring by scanning for vulnerabilities, updating STIGs, and tracking system risk posture, ensuring all findings are clearly communicated to stakeholders.
- Deliver expert RMF guidance and risk management support, advising leaders on security trends and contributing to a culture of proactive cybersecurity.
Minimum Qualifications
- Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field
- 4+ years of experience in Information Systems Security Engineer (ISSE) or similar role, including 2+ years of direct RMF experience (Steps 0–6)
- Hands-on experience with eMASS for RMF package management, POA&M maintenance, and risk assessment
- Proficiency with ACAS/Nessus vulnerability scanning and DISA STIG/SRG application
- Security+ CE certification with documented ACAS and eMASS training
Preferred Qualifications
- Certified in Governance, Risk and Compliance (CGRC), CompTIA Advanced Security Practitioner (CASP+) CE, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) (or Associate)
- Knowledge of Operational Technology (OT) systems and RMF application in OT environments
Security Clearance Requirements
- Must have a current/active DoD Secret security clearance
Physical Requirements
- The person in this position must be able to remain in a stationary position 50% of the time. Occasionally move about inside the office to access file cabinets, office machinery, or to communicate with co-workers, management, and customers, via email, phone, and/or virtual communication, which may involve delivering presentations.