Senior Cyber Security Analyst

Virginia Beach, United States
Up to $140,000/ year
Cyber Security Engineer Security Engineer Information Security Leader Security Analyst SOC Analyst SOC Manager Penetration Tester DevSecOps
Actively hiring

hackajob is partnering with MANTECH to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

 

MANTECH seeks a motivated, career and customer-oriented Senior Cyber Security Analyst to join our team in Virginia Beach, VA. This is an on-site position.

As a Senior Cyber Security Analyst, you will provide direct support to the Advance Electronic Systems (AES) team and its customers in support of Risk Management Framework (RMF) activities. This role focuses on security control implementation, assessment, continuous monitoring, and RMF compliance, with primary emphasis on Linux systems and supporting knowledge of Windows environments. You will serve as the point of contact for all cybersecurity-related matters, including security control implementation, documentation, and compliance activities.

Responsibilities include, but are not limited to:

  • Prepare for Risk Management Framework (RMF) execution and perform system categorization by conducting comprehensive mission analysis, defining the authorization boundary with detailed network diagrams, hardware/software inventories, and data flow documentation. Determine mission criticality and apply relevant overlays to establish the appropriate security control baseline per NIST SP 800-53 Rev 5 and DoD/Navy policy.

  • Select, tailor, implement, and assess security controls using DISA STIGs (with emphasis on Linux platforms), SRGs, SCAP, ACAS/Nessus vulnerability scans, and NIST SP 800-53A Assessment Procedures. Perform hands-on configuration, hardening, log analysis, and remediation on Linux systems, while applying equivalent controls and STIGs to Windows endpoints. Execute testing, validate configurations and access controls, document implementation status, test results, and evidence in eMASS, and manage POA&M entries with complete risk analysis.

  • Support system authorization by maintaining a complete and accurate RMF package in eMASS, including the SSP, POA&M, and supporting documentation. Coordinate workflow actions for Authorizing Official decision-making.

  • Conduct continuous monitoring by implementing the System Level Continuous Monitoring (SLCM) Strategy, with focus on Linux system logs and security events alongside Windows endpoint monitoring.

  • Conduct Annual Security Reviews (ASRs) and update the System Security Plan (SSP) and POA&M to reflect changes in risk posture.

  • Provide guidance on RMF compliance, risk management, and security strategies across all RMF steps. Advise leadership on emerging threats, control gaps, and mitigation priorities, particularly for Linux environments.

  • Retire and decommission systems at end-of-life. Execute data sanitization per DoD 5220.22-M, hardware disposition, and documentation closeout.

Minimum Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or related field

  • Certified Information Systems Security Professional (CISSP) certification

  • Server 2016 Certification; IT Level III; CWF

  • 8+ years of combined experience in RMF processes and secure system implementation and maintenance in DoD environments, with at least 4+ years of hands-on experience securing Linux systems and working knowledge of Windows environments.

  • Deep expertise in applying DISA STIGs to Linux operating systems in air-gapped and/or classified DoD environments.

  • Experience using operating systems, including real-time operating systems: QNX, Linux, VxWorks, LynxOS, Microsoft XP Embedded, Microsoft IoT, and Microsoft Windows.

  • Security+ CE certification with documented ACAS and eMASS training.

  • Hands-on experience with eMASS for RMF package management, POA&M maintenance, and risk assessment.

  • Proficiency with ACAS/Nessus vulnerability scanning, analysis, and remediation of findings from DISA STIGs, SRGs, and SCAP.

Preferred Qualifications:

  • Familiarity with network topology documentation in air-gapped environments.

  • 2+ years executing full SDLC in DoD environments.

  • Experience developing in programming languages and frameworks ranging from low-level (machine) to very high-level (abstract, goal-oriented), including C/C++/C#, Python, JavaScript, TypeScript, and Angular/React.

  • Certified in CompTIA Linux+, Governance, Risk and Compliance (CGRC), CompTIA SecurityX

Clearance Requirements:

  • Must be a US Citizen and hold an active Secret Security Clearance (with ability to obtain Top Secret if required).

Physical Requirements:

  • Must be able to remain in a stationary position 50% of the time.

  • Needs to occasionally move about inside offices, shipboard spaces, or industrial environments to access equipment and systems.

  • Frequently communicates with co-workers, management, and customers, and must be able to exchange accurate information in these situations.
