Tantus Technologies, Inc.
Senior Security System / Information Assurance Analyst
Tantus Technologies, Inc., Washington, District of Columbia, us, 20022
Senior Security System / Information Assurance Analyst
Join to apply for the
Senior Security System / Information Assurance Analyst
role at
Tantus Technologies, Inc. Tantus Technologies, Inc. (Tantus) - recognized by the Washington Post as a Top Workplace - is seeking an experienced Senior System Security / Information Assurance Analyst to lead and support enterprise cybersecurity initiatives across complex IT environments. This role is responsible for assessing, developing, and implementing robust security policies and controls aligned with federal and industry standards such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs. The ideal candidate will possess deep expertise in risk management, compliance, incident response, and secure system architecture, with a strong focus on protecting critical assets and ensuring regulatory adherence. This position plays a key role in driving security strategy, managing vulnerabilities, and supporting accreditation processes for both on-premises and cloud-based systems. Clearance : This position supports a federal contract and requires U.S. citizenship or lawful permanent resident (Green Card holder) status, as well as the ability to obtain a Public Trust clearance. Location : Prefer a candidate local to the DC metro area able to attend meetings at FAA HQ in DC. Alternatively will consider candidates located near FAA facilities in OK or NJ (namely MMAC in Oklahoma City, or the Tech Center in Egg Harbor, NJ). Responsibilities include: Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs. Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks. Ensure compliance with federal regulations, industry standards, and organizational security policies. Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages. Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings. Monitor security logs, alerts, and events using SIEM tools (e.g., Splunk, ArcSight, etc.) to detect, investigate, and mitigate cyber threats. Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments. Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills. Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions. Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls. Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP). Develop and maintain security documentation, policies, and procedures for system accreditation. Conduct security awareness training for employees and stakeholders. Support audit and certification processes, working with internal and external security assessors. Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices. Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption. Conduct security reviews for third-party applications and vendors to mitigate supply chain risks. Requirements: Bachelor’s degree and six (6) years of relevant experience. Bachelor’s degree must be in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or other IT degree, engineering, math, and/or science. Writing scripts in Python, PowerShell, or Bash for security automation and log analysis. Automating security control enforcement using Ansible, Terraform, or cloud-native security tools. Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls. IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC). Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis. Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar. Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security solutions. Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP tools. Salary range: $110,000-120,000/year.
#J-18808-Ljbffr
Join to apply for the
Senior Security System / Information Assurance Analyst
role at
Tantus Technologies, Inc. Tantus Technologies, Inc. (Tantus) - recognized by the Washington Post as a Top Workplace - is seeking an experienced Senior System Security / Information Assurance Analyst to lead and support enterprise cybersecurity initiatives across complex IT environments. This role is responsible for assessing, developing, and implementing robust security policies and controls aligned with federal and industry standards such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs. The ideal candidate will possess deep expertise in risk management, compliance, incident response, and secure system architecture, with a strong focus on protecting critical assets and ensuring regulatory adherence. This position plays a key role in driving security strategy, managing vulnerabilities, and supporting accreditation processes for both on-premises and cloud-based systems. Clearance : This position supports a federal contract and requires U.S. citizenship or lawful permanent resident (Green Card holder) status, as well as the ability to obtain a Public Trust clearance. Location : Prefer a candidate local to the DC metro area able to attend meetings at FAA HQ in DC. Alternatively will consider candidates located near FAA facilities in OK or NJ (namely MMAC in Oklahoma City, or the Tech Center in Egg Harbor, NJ). Responsibilities include: Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs. Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks. Ensure compliance with federal regulations, industry standards, and organizational security policies. Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages. Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings. Monitor security logs, alerts, and events using SIEM tools (e.g., Splunk, ArcSight, etc.) to detect, investigate, and mitigate cyber threats. Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments. Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills. Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions. Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls. Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP). Develop and maintain security documentation, policies, and procedures for system accreditation. Conduct security awareness training for employees and stakeholders. Support audit and certification processes, working with internal and external security assessors. Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices. Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption. Conduct security reviews for third-party applications and vendors to mitigate supply chain risks. Requirements: Bachelor’s degree and six (6) years of relevant experience. Bachelor’s degree must be in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or other IT degree, engineering, math, and/or science. Writing scripts in Python, PowerShell, or Bash for security automation and log analysis. Automating security control enforcement using Ansible, Terraform, or cloud-native security tools. Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls. IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC). Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis. Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar. Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security solutions. Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP tools. Salary range: $110,000-120,000/year.
#J-18808-Ljbffr