Senior Information Security Analyst

Title-Senior Information Security Analyst

Location: Arlington, VA (Remote)

Clearance: Secret

Start: Upon Contract Award

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world.

Foxhole is seeking a Cybersecurity Team Lead (Senior Information Security Analyst).  This position will manage and enforce cybersecurity posture, assessments, compliance, and monitoring activities.   Using relevant experience, strong problem solving, and customer service skills to ensure the appropriate operational security posture is maintained for information system, integration points, and program by implementing and maintaining security controls in close coordination with the Government.

• Lead the design, implementation, and continuous improvement of enterprise cybersecurity frameworks across GovCloud environments, ensuring alignment with DoD security requirements
• Manage the full Risk Management Framework (RMF) lifecycle, including control selection, tailoring, inheritance, and mapping
• Architect and sustain automated compliance and continuous monitoring pipelines, enabling real-time RMF evidence generation, vulnerability scanning, AWS security, or equivalent platforms
• Maintain and govern cybersecurity architecture artifacts, including system security plans, system diagrams, and data flow mappings to support audit readiness and system authorization
• Direct vulnerability management and remediation programs, including coordination of scanning and POA&M tracking to ensure timely risk mitigation
• Ensure compliance with DISA STIGs, SRGs, and PPSM requirements through continuous validation, audits, and control assessments
• Collaborate with Authorizing Officials (AOs), Security Control Assessors (SCAs), and engineering teams to obtain and sustain Authorization to Operate (ATO)
• Lead the security integration into DevSecOps pipelines, ensuring automated security testing, compliance enforcement, and secure code deployment practices
• Oversee development and maintenance of key security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Incident Response Plans (IRPs), and Contingency Plans
• Lead incident response efforts, including detection, analysis, containment, and reporting, ensuring alignment with organizational and regulatory requirements
• Mentor and guide junior analysts, while communicating security posture, risk metrics, and compliance status effectively to senior leadership and stakeholders

• At least 7 years of experience in cybersecurity, compliance, or RMF program management
• Hands-on experience managing assessment and authorization activities within eMASS (or similar tool) and implementing RMF controls in GovCloud environment
• Strong understanding of RMF, DISA STIGs/SRGs, and Cloud Computing SRG
• Knowledge of FedRAMP, NIST SP 800-53, and CMMC frameworks
• Experience with vulnerability scanning and compliance validation technologies
• Strong understanding of cloud security (AWS, OCI, etc.)
• Ability to work independently, and part of team, in a high-intensity fast=paced environment
• Familiarity with security best practices and compliance requirements.
• Excellent troubleshooting and problem-solving skills
• Active DoD Secret Clearance
• Continental travel may be required

• Bachelor’s (BS) degree in relevant field – strongly preferred but not required
• Certifications such as CISSP, CISM, or similar cert is preferred
• Familiarity with security tools and frameworks such as ACAS, Nessus, cloud-based scanning technologies, etc.
• Experience supporting FedRAMP accreditations is a plus
• Knowledge of computer network defense process and procedures

Requirements of position:  Think analytically, effective verbal and written communication skills, make decisions, observe/remember details, interpret data, concentrate on tasks, adjust to change, handle stress/emotions.  Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard/type, handle confidential information, use math/calculations, stay organized, operate office equipment, may direct others.   May be exposed to dust/dirt, humidity, and noise

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military/veteran status, or any other protected class.