Security Analyst Information Security


Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan

Work Location: North Charleston, SC


The Security Analyst supports tasks associated with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This individual supports the preparation of system and security documentation in accordance with Federal Information Security Modernization Act (FISMA) requirements throughout the various stages of the RMF. The Security Analyst works in a team environment and performs assigned tasks with minimal supervision and support. The Security Analyst works closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately. In addition, the Security Analyst provides support during the assessments of assigned systems by tracking and gathering evidentiary artifacts and by testing information systems. After authorization of the system, the Security Analyst supports continuous monitoring by assisting with the scheduling of monitoring activities, maintaining system and security documentation, performing annual assessments, and tracking Plan of Action and Milestones (POA&M) entries.

This position requires periodic travel to polar stations and facilities located in Antarctica, Alaska, and Greenland. Travel may involve two (2) consecutive weeks of on-site assessment and security support services twice a year. Candidates must be able to satisfactorily complete comprehensive medical and dental examinations prior to travel. The adjudication of medical and dental examinations will be determined by designated USAP medical personnel; approval is required prior to deploying to OCONUS locations, including on shore and afloat. Examinations include, at a minimum, medical and dental physicals in addition to necessary miscellaneous tests that are based on age, gender, and/or medical history. Candidates must also possess up-to-date immunizations, as defined by the NSF, in order to travel to the defined locations.

Key Responsibilities:

  • Coordinate with the customer regarding status of consulting and assessment projects.
  • Develop deliverables associated with a FISMA security package including, but not limited to: System Security Plan, Information System Contingency Plan, Incident Response Plan, Continuous Monitoring Plan.
  • Perform vulnerability scanning using government or commercial-off-the-shelf tools.
  • Gather and organize technical information about missions, goals, and requirements.
  • Perform project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
  • Provide IT security guidance to Information System Owners.
  • Gather and organize technical information about information systems.
  • Perform boundary scoping exercises and architecture reviews.
  • Support the performance of security assessments.
  • Gather and organize artifacts in preparation for security assessments.
  • Maintain information system component inventories.
  • Track and update POA&M entries.
  • Support scheduling of assessments and continuous monitoring activities.

Minimum Requirements:

  • Bachelor’s degree in Cyber Security, Computer Science, or related discipline.
  • 5+ years of relevant industry experience in performing tasks associated with the Risk Management Framework (with at least 3 being in IT security audit, assessment, compliance, or risk management).
  • At least 5 years of experience with FISMA consulting and assessment projects.
  • Thorough understanding of FISMA requirements and NIST guidance.
  • Must be able to work both independently and in a team environment.
  • Must have strong written, verbal, and presentation communication skills.
  • Currently have, or able to obtain, a Public Trust Clearance.
  • Minimum Security+ certification. CISSP and/or CISM certifications are preferred.
  • Other security-related industry certifications, such as CAP, CCSK, CISA, CISM, CISSP, CCSP, CRISC, CCISO, or Amazon Web Services (AWS)/Google Cloud Platform (GCP)/Microsoft Azure specific certifications, are a plus.
  • Knowledgeable of cloud architectures and operations (preferred).
  • Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.

We also have several similar positions available at this time. Please visit our Careers page at for a complete list of openings.

COACT, Inc. is a leading service-disabled veteran-owned small business and test laboratory that provides Global IT Security Services, Accredited Evaluations and Testing, and Evidence-Based Compliance Services for traditional, hybrid, and cloud-based systems serving governments and private industry. COACT is a leader in risk management and compliance. COACT is ISO 9001:2015 compliant and a Federal Risk and Authorization Management Program (FedRAMP) Accredited Third Party Assessment Organization (3PAO). COACT's tiered service offerings range from focused efforts to address specific security objectives to providing full information security programs for clients in the commercial, healthcare, regulatory, defense, and intelligence domains.

Applicants selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information.

An Equal Opportunity/Affirmative Action Employer

To apply for this job email your details to