FISMA Security Analyst

COACT, Inc

Work Location: Columbia, MD


The Security Analyst supports the performance of tasks associated with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This individual supports the preparation of system and security documentation in accordance with Federal Information Security Modernization Act (FISMA) requirements throughout the various stages of the RMF. The Security Analyst works closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately.

Key Responsibilities:

  • Gather and organize technical information about information systems.
  • Perform boundary scoping exercises and architecture reviews.
  • Develop deliverables associated with a FISMA security package including, but not limited to: System Security Plan (SSP), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Configuration Management Plan (CMP).
  • Develop process guides, information security procedures, and other documentation to support and improve existing processes.
  • Support scheduling of assessments and continuous monitoring activities.
  • Support the performance of security assessments.
  • Gather and organize artifacts in preparation for security assessments.
  • Provide IT and security guidance to System Owners and other systems/security stakeholders.
  • Maintain information system component inventories.
  • Track and update POA&M entries.
  • Other duties, as assigned.


  • Preferred: Proficiency with security and management tools.
  • Preferred: Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
  • 5+ years of relevant industry experience in performing tasks associated with the RMF – experience with both FISMA consulting and assessment projects is highly preferable.
  • Must be able to work both independently and in a team environment.
  • Must have strong written and verbal communication skills.
  • At least one (1) IT security-related industry certification such as CAP, CISA, CISM, and CISSP.
  • Must be able to obtain and maintain a US Public Trust clearance.

To apply for this job email your details to