CrawlJobs Logo

Cyber Security Assessment & Authorization Analyst

nttdata.com Logo

NTT DATA

Location Icon

Location:
United States , Rockville

Category Icon
Category:
IT - Administration

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

The Cyber Security Assessment & Authorization Analyst role at NTT DATA involves leading assessment and authorization efforts for various agency systems, ensuring compliance with NIST standards. Candidates should have a minimum of 8 years of experience in cyber security and a bachelor's degree in a related field. The position requires strong leadership and communication skills, along with expertise in security control assessments and cloud environments.

Job Responsibility:

  • Support a client as an assessment and authorization (A&A) analyst, including A&A efforts for various agency systems
  • Leads the team on ISSO and Assessors in the day to day tasks
  • Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for new and modernized systems
  • Serve as senior team lead providing guidance and working with team members in performance/delivery of all assigned A&A efforts
  • Adhere to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans
  • Ensure all supporting artifacts and results will be documented in the A&A repository
  • Performing security controls assessments on security boundaries and producing required security documentation
  • Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, and SP 800-37
  • Experience with continuous monitoring and plans of action and milestones (POA&M) management
  • Experience with assessing systems deployed in Cloud Environments

Requirements:

  • Bachelor's degree in Management Information Systems, Computer Science, or related cybersecurity discipline
  • Minimum 8 years of experience with assessment and accreditation (A&A)
  • Minimum 8 years of experience as a security control assessor or validator
  • Minimum 8 years of experience with maintaining IT security policies, processes, and guidance
  • Minimum 3 years of experience with using GRC tool – CSAM
  • Ability to obtain a Public Trust Clearance

Nice to have:

Experience with using continuous monitoring tools to assist with the automation of assessment efforts and with A&A of cloud-platforms

Additional Information:

Job Posted:
March 19, 2026

Icon
NTT DATA - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Cyber Security Assessment & Authorization Analyst

Cyber Information Assurance Analyst SME

The Cyber Information Assurance Analyst SME supports the customer by performing ...
Location
Location
United States , Ft. Meade
Salary
Salary:
131000.00 - 155000.00 USD / Year
chickasaw.com Logo
Chickasaw Nation Industries, Inc (CNI)
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must possess appropriate level of certifications for this position as required by the contract
  • Required DOD Top Secret Clearance with SCI eligibility
  • Bachelor's Degree and a minimum of ten plus (10+) years of experience in systems security, or equivalent combination of education/experience
Job Responsibility
Job Responsibility
  • Performs extensive assessments of systems and networks within the networking environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy
  • Establishes strict program control processes to ensure mitigation of risks and supports obtaining certification and accreditation of systems
  • Assists in the implementation of the required government policy and makes recommendations on process tailoring
  • Supports the formal Security Test and Evaluation required by each government accrediting authority through pre-test preparations, participation in the tests, analysis of the results, and preparation of required reports
  • Periodically conducts of a review of each system's audits and monitors corrective actions until all actions are closed
What we offer
What we offer
  • Medical
  • Dental
  • Vision
  • Company Life Insurance
  • Short-Term and Long-Term Disability Insurance
  • 401(K) Immediate Vesting
  • Professional Development Assistance
  • Legal Aid Assistance Program
  • Family Planning / Fertility Assistance
  • Personal Time Off
  • Fulltime
Read More
Arrow Right

Cyber Information Assurance Analyst - Junior Assessor

The Cyber Information Assurance Analyst supports the customer by performing anal...
Location
Location
United States , Ft. Meade, MD
Salary
Salary:
65000.00 - 70000.00 USD / Year
chickasaw.com Logo
Chickasaw Nation Industries, Inc (CNI)
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • The ability to obtain, maintain and access classified information at the TS/SCI level
  • DoD 8570 IAM/IA Technical (IAT) Level II certification
  • Familiarity with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
  • Understanding of the RMF process, NIST SP 800- 37, NIST SP 800-53, CNSSI 1253
  • Familiarity with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
  • Strong written and verbal communication skills for reporting assessment findings
  • This position requires travel ~85% CONUS & OCONUS
  • Bachelor's Degree and a minimum of one to two (1-2) years of experience in systems security, or equivalent combination of education/experience
Job Responsibility
Job Responsibility
  • Conducts cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN
  • Evaluates systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing
  • Adheres to policies and processes for each assessment type
  • Supports assessment development and execution to ensure security expertise is properly applied
  • Coordinates logistics, test plans, and scope with the SCA Team Lead
  • Performs vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS
  • Analyzes security gaps and provide mitigation recommendations
  • Validates cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines
  • Provides risk analysis and assessment results for authorization recommendations
  • Participates in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R
What we offer
What we offer
  • Medical
  • Dental
  • Vision
  • 401(k)
  • Family Planning/Fertility Assistance
  • STD/LTD/Basic Life/AD&D
  • Legal-Aid Program
  • Employee Assistance Program (EAP)
  • Paid Time Off (PTO) – (11) Federal Holidays
  • Training and Development Opportunities
  • Fulltime
Read More
Arrow Right

Security Incident Management Analyst

The Security Incident Management Analyst is an intermediate level position respo...
Location
Location
Singapore , Singapore
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Relevant professional certifications issued by GIAC, AWS, etc., preferably GCCC, GCIH, CEH, ECSA
  • General Industry knowledge of reporting obligations pertaining to local and national laws and regulatory bodies such as OCC, SEC, ECB, MAS
  • Working knowledge of common security models (Defense-in-Depth) and frameworks (MITRE Attack, Cyber Kill Chain, STIX)
  • Working knowledge of VERIS taxonomy
  • Working knowledge of OSI model
  • Working knowledge of security and/or incident response in cloud environments
  • Working knowledge of software development best practices, including agile methods
  • Familiar with Atlassian tools
  • Previous experience working in highly regulated environment
  • Previous experience in a fusion center and/or exposure to large scale incident response
Job Responsibility
Job Responsibility
  • Work as part of a best in class ‘follow the sun’ security incident response team
  • Lead and manage incident response activities to ensure that requisite triage, containment, and eradication are completed within targeted timeframes
  • Ensure that the security incident record is complete, accurate and fit for purpose
  • Collect and analyze evidence including investigative findings and prepare to coordinate with internal and external compliance and audit personnel
  • Execute incident response meetings and communicate complex security topics
  • exhibit good judgment and discretion when initiating escalations to all levels of the organization
  • Ensure that controls are utilized daily and that non-compliance remediation is addressed by appropriate selection
  • Provide IS consulting services, including interpreting and/or clarifying information security policy, procedures, standards or concepts
  • Assist with defining and implementing information security standards to align procedures and practices in pursuit of compliance with Citigroup standards
  • Validate compliance with information security policies, practices, and procedures, and resolve a variety of information security related issues in coordination with the relevant business(es)
  • Fulltime
Read More
Arrow Right
New

Information Security Assurance Analyst

Information Security Assurance Analyst
Location
Location
United Kingdom , Portsmouth
Salary
Salary:
Not provided
talenthawk.com Logo
TalentHawk
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • CISM/CISSP/CCSP/TOGAF/CRISC/AWS Solution Architect or equivalent certified or willing to undergo certification on the job
  • Must have Security Clearance or be eligible for security cleared
  • Must have experience in Cloud (IaaS, Paas, SaaS)
  • Must have proven expertise in three of the following security areas: identity and access management, network security, end user security, threat modelling, Security Risk and Compliance, penetration testing
  • Must have at least 3 years’ cyber security experience
  • Good understanding and practical experience of Cyber Security Frameworks and standards such as NCSC CAF, NIST Framework, ISO 27001, ISO27005, IEC62443 etc.
  • Good understanding of Cyber Assurance Framework and experience with working with Regulators and providing compliance updates
  • The individual should be educated to degree level in a relevant discipline
Job Responsibility
Job Responsibility
  • Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business processes
  • Review both high/low level architecture definition documents for compliance against security policies, standards and regulatory requirements, defining Cyber non-functional requirements
  • Attend Technical Design Authority (TDA meeting to provide security signoffs
  • Work within the Security Assurance team consisting of security assurance analyst / consultants providing thought leadership across several assurance functions, and helping smooth engagements with project delivery teams
  • Perform cyber security risk assessments, compliance checks, audits and reviews to ensure that appropriate security controls are in place and highlight any deficiencies and gaps for management consideration
  • Provide support in scoping and overseeing pen tests and re-tests
  • Review recommendations and collaborate with the relevant teams to support remediation efforts
  • Provide cyber security assurance activities by ensuring implemented solutions are a replica of agreed and approved architecture definition documents, helping to facilitate penetration testing, whilst providing security advice and guidance
  • Support to management, BAU and projects to comply with legal and regulatory requirements
  • Where required, propose solutions and coordinate delivery of mitigating actions to ensure risk levels are aligned with risk appetite
  • Fulltime
Read More
Arrow Right

Cyber Security Analyst

We are looking for a Lead Cybersecurity Analyst who can take ownership of the or...
Location
Location
Canada , Montréal
Salary
Salary:
Not provided
Farenexus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience in cloud and application security, with hands-on AWS production environments
  • Strong knowledge of Java (Spring/Spring Boot) and frontend security (Vue.js)
  • Solid understanding of MySQL security and data protection
  • Experience with risk assessment, vulnerability management, and incident response
  • Working knowledge of DPAs, BCP/DR, VAPT, and bug bounty programs
  • Relevant security or cloud certifications such as AWS Security Specialty, CISSP, CISM, or similar
  • Experience with containerized workloads and Kubernetes security
  • Familiarity with modern authentication and authorization approaches such as OAuth2 and OpenID Connect
  • Experience working in agile or Descopes environments
Job Responsibility
Job Responsibility
  • Define and maintain the organization’s security strategy, policies, standards, and architecture principles
  • Act as a security advisor to engineering, product, and leadership teams, ensuring alignment with business and regulatory requirements
  • Design and govern secure AWS architectures, including IAM, networking, and core AWS security services
  • Continuously assess cloud environments and drive remediation of security risks and misconfigurations
  • Lead application security reviews, threat modeling, and risk assessments for Java based backend services and Vue.js frontend applications
  • Embed security into the SDLC through secure coding practices, CI/CD security controls, and vulnerability management
  • Define and enforce data and database security controls, including encryption, access management, and auditing
  • Support compliance, audits, DPAs, BCDR planning, vulnerability assessments, and penetration testing activities
  • Lead incident response processes, security monitoring, and post-incident improvement initiatives
  • Collaborate with engineering and DevOps teams to promote a security-by-design culture and provide practical security guidance
What we offer
What we offer
  • Competitive compensation, benefits, and opportunities for growth
Read More
Arrow Right

Cyber Architect - Info Security Tech Senior Analyst

The Cyber Architect - Info Security Tech Senior Analyst is an intermediate level...
Location
Location
Hungary , Budapest
Salary
Salary:
12211560.00 - 20474640.00 Ft / Month
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5-8 years of relevant experience
  • Additional technical certifications are preferred
  • Demonstrated ability to research and apply current information regarding the IS field
  • Threat modelling using industry standard methodologies (e.g. STRIDE/DREAD) Experience developing Reference Security Architecture and Design Patterns to support proactive and automated controls
  • Strong knowledge of security for applications related to authentication / authorization, data protection, session management, data validation, and end point protections
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills
  • Bachelor’s degree/University degree or equivalent experience
Job Responsibility
Job Responsibility
  • Plan, research, and design security architecture for IT systems and applications (internally developed as well as vendor supplied) for processing multiple classification levels of data on prem, and cloud
  • Determine the security controls for above, document appropriately and partner with IT architecture/development stakeholders to implement during early in system development life cycle
  • Perform security architecture and risk assessment of internally developed or acquired IT systems and applications using best practices including threat modelling. Ensure that security design and controls are consistent with organization's security architecture principals
  • Establish relationships with cross-functional areas including Business, Technology, and Compliance stakeholders and serve as a SECURITY subject-matter expert
  • Manage risk by analyzing the root cause of security issues, determining compensating controls, and driving remediation
  • Coordinate with system development and infrastructure units to identify Information Security (IS) risks and the appropriate controls for development, day-to-day operation, and emerging technologies
  • Perform regular assessments based on changes in the threat landscape
  • Provide information security support with related activities during systems development (e.g. authentication, encryption)
  • Identify significant IS threats and vulnerabilities
What we offer
What we offer
  • Cafeteria Program
  • Home Office Allowance (for colleagues working in hybrid work models)
  • Paid Parental Leave Program (maternity and paternity leave)
  • Private Medical Care Program and onsite medical rooms at our offices
  • Pension Plan Contribution to voluntary pension fund
  • Group Life Insurance
  • Employee Assistance Program
  • Access to a wide variety of learning and development programs, online course libraries and upskilling platforms, such as Udemy and Degreed
  • Flexible work arrangements to support you in managing work - life balance
  • Career progression opportunities across geographies and business lines
  • Fulltime
Read More
Arrow Right

Mid-Level Cyber Security Engineer

We are seeking a Mid-Level Cyber Security Engineer to provide expert cyber domai...
Location
Location
United States , Washington, DC
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Candidates must meet ONE of the following education/experience combinations: Bachelor’s degree + 12+ years of related experience
  • Master’s degree + 10+ years of related experience
  • Ph.D. degree + 7+ years of related experience
  • 15+ years of related experience without a degree
  • Technical Requirements: Experience conducting site surveys for IT equipment (racks, desktop PC environments)
  • Experience installing IT hardware in 24/7 operational environments
  • Strong understanding of: Cybersecurity assessments
  • Incident response
  • Risk & vulnerability assessment
  • Cyber threat analysis
Job Responsibility
Job Responsibility
  • Cyber Security Engineering & Analysis: Conduct and review complex cybersecurity assessments
  • Identify system vulnerabilities and areas of non‑compliance with cybersecurity standards
  • Recommend mitigation strategies and risk‑reduction approaches
  • Perform research, evaluation, and development in advanced cybersecurity areas
  • Security Operations & Monitoring: Perform and maintain vulnerability scans, generating clear reports for leadership
  • Track and report Information Assurance Vulnerability Management (IAVM) compliance
  • Support incident response teams with domain-specific expertise
  • Maintain a library of security audit tools and related testing processes
  • Risk Management & Compliance: Review and update Authorization to Operate (ATO) documentation
  • Manage and report Plan of Action & Milestones (POA&M) compliance
What we offer
What we offer
  • Benefits are available to contract/temporary professionals, including medical, vision, dental, and life and disability insurance
  • Hired contract/temporary professionals are also eligible to enroll in our company 401(k) plan
Read More
Arrow Right

Senior Cybersecurity Analyst

Astrion has an exciting opportunity for a Senior Cybersecurity Analyst located a...
Location
Location
United States , Washington D.C.
Salary
Salary:
130000.00 - 150000.00 USD / Year
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A master’s degree in a relevant field and ten (10) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A Bachelor’s degree in a relevant field and fifteen (15) years of relevant experience in cyber security, information system management, software development, design or authorization
  • A high school degree, or a GED, and more than twenty (20) years of relevant experience in cyber security, information system management, software development, design or authorization
  • In depth knowledge of all steps in the RMF Process
  • Risk Management Framework (RMF) package development knowledge and can lead efforts to bring platform technology systems through the full lifecycle of the RMF process to achieve/renew an Authorization to Operate (ATO)
  • Knowledge of DoD and DON cyber policies and procedures and/or NIST 800-53, DoDI 8500.01, and DoDI 8510.01
  • Must be flexible in adapting to deadlines, changing schedules, competing priorities, and unpredictable events
  • Demonstrated ability to assign work and manage personnel and tasks
  • Familiar with and able to present data and recommendations to Government and Military leadership
  • Thorough, detail oriented, and organized, with excellent time management skills and ability to prioritize and handle multiple projects at once
Job Responsibility
Job Responsibility
  • Provide cybersecurity expertise to surface combat system program offices
  • Lead efforts to bring Platform Information Technology systems and other systems through the full life cycle of the Risk Management Framework (RMF) process to achieve/renew Authority to Operate (ATO)
  • Review RMF package submission to ensure alignment with the NAVSEA Standard Operating Procedures (SOP)
  • Develops, coordinates, and reviews detailed Assessment & Authorization documentation in accordance with DoD Instruction 8510.01 – DoD Information Assurance Assessment and Authorization (A&A) Process (RMF)
  • Review systems scans/tests using the Security Content Automation Protocol (SCAP) Compliance Checker (SCC), and the Assured Content Assessment Solution (ACAS)
  • Work with the NAVSEA, PEO IWS, combat system program offices to ensure DOD/DON cybersecurity regulations and best practices are followed in the design, development, and sustainment of the integrated combat systems and weapon systems
  • Assist in RMF package development activities as an ISSE or Validator
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
Read More
Arrow Right