Analyst Poam Jobs (NOW HIRING)

The Technical Security Analyst will be responsible for maintenance of the commercial and corporate environment POAM and analysis of the corresponding vulnerability scans; development of the metrics ...

Job Title: Security Analyst Location: Lansing, MI 48909 Duration: 12 Months Job Description: Top ... POAM). Reviews, analyzes and identifies opportunities and leads to PSP to reduce policy burden on ...

... POAM program for assigned base\location by working with SAs to ensure a POAMs for all open findings ... and analyzing weekly posted reports: (Data Loss Prevention (DLP) Violations, Enhanced Reports ...

Remote Sr. Business Analyst (VA ESOM)

$92K - $119K/yr

The Senior Business Analyst supports the CMDB and Change Control transition by leading cost-benefit ... Support POAM management and audit preparation activities, providing timely evidence and ...

Remote Sr. Business Analyst (VA ESOM)

$94K - $122K/yr

The Senior Business Analyst supports the CMDB and Change Control transition by leading cost-benefit ... Support POAM management and audit preparation activities, providing timely evidence and ...

Analyst Poam information

How much do analyst poam jobs pay per hour?

As of Jun 11, 2026, the average hourly pay for analyst poam in the United States is $31.53, according to ZipRecruiter salary data. Most workers in this role earn between $25.24 and $35.82 per hour, depending on experience, location, and employer.

What are some common challenges faced by an Analyst POAM and how can they be addressed?

Analyst POAMs (Plan of Action and Milestones Analysts) often encounter challenges such as managing multiple compliance tasks simultaneously and ensuring all corrective actions are tracked and completed on time. They may also need to coordinate with various departments to gather necessary documentation and updates, which can be time-consuming. Effective communication, strong organizational skills, and familiarity with compliance frameworks like NIST or FISMA are key to overcoming these challenges. Leveraging project management tools and maintaining clear documentation can also help streamline the process and ensure timely progress.

What is the difference between Analyst Poam vs Analyst Risk?

| Aspect | Analyst Poam | Analyst Risk |
| --- | --- | --- |
| Required Credentials | Bachelor's degree, certifications like CISA or CISSP often preferred | Bachelor's degree, certifications like FRM or CRM often preferred |
| Work Environment | Financial institutions, consulting firms, or regulatory agencies | Financial services, banking, or insurance companies |
| Employer & Industry Usage | Used in compliance, audit, and control functions | Used in risk management, credit, and operational risk departments |

Both Analyst Poam and Analyst Risk roles require similar credentials and often work within financial or consulting environments. While Analyst Poam focuses on assessing and testing controls to meet compliance standards, Analyst Risk concentrates on identifying and managing various types of risks within organizations. Understanding these distinctions helps candidates target the right roles based on their skills and career goals.

What is an Analyst POAM?

An Analyst POAM (Plan of Actions and Milestones Analyst) is a professional responsible for managing and tracking security compliance issues within an organization. They focus on identifying, documenting, and monitoring the progress of remediation efforts for vulnerabilities or security gaps, typically as part of a cybersecurity or risk management team. Their work ensures that the organization addresses and resolves security findings in a timely manner to meet regulatory or internal compliance requirements.

What are the key skills and qualifications needed to thrive as an Analyst POA&M (Plan of Action and Milestones), and why are they important?

To thrive as an Analyst POA&M, you need a strong understanding of cybersecurity frameworks, risk management practices, and compliance requirements, typically supported by a degree in information security or a related field. Familiarity with tools like eMASS, RMF, and vulnerability assessment systems, as well as certifications such as Security+ or CISSP, is highly valued. Attention to detail, analytical thinking, and effective communication are crucial soft skills for accurately tracking issues and collaborating with stakeholders. These competencies ensure timely remediation of security gaps and ongoing compliance with regulatory standards, which are vital for organizational security and risk mitigation.

System Technical Security Analyst

FSR, LLC.

Herndon, VA • On-site, Remote

Full-time

Posted 24 days ago


Job description

Company Description
Entrusted by companies with challenging Cyber Security and IT data management recruiting needs, Flex Staffing Resources identifies exceptional talent and cutting edge companies and brings them together.
Job Description
System Technical Security Analyst
Location of Services: Herndon, VA 20171 (Remote)
Employment Type: FTE + Benefits
Client is supporting the FedRAMP and FISMA authorization(s) of new Cloud Products and 3rd Party Applications into our various cloud environments. This effort requires security testing/assessment support, the knowledge/development of the appropriate security documentation (i.e., System Security Plan (SSP), plans and procedures), and ongoing continuous monitoring activities. This position is majority remote (post-pandemic).
This role serves as a "hands-on" senior-level technical security analyst responsible for interfacing with the build, operations and security engineering teams on security issues and information gathering; creating and managing the Plan of Action and Milestones (POAM) for multiple environments, configuration/execution/analysis of vulnerability scans, gathering the security control implementations information for the technical controls and documenting their implementation in the SSP.
Additionally, this role will assist with the security assessments, and continuous monitoring evidence for any of the CLIENT environments (corporate, commercial regulated, FedRAMP, DOD and International).
The Technical Security Analyst will be responsible for maintenance of the commercial and corporate environment POAM and analysis of the corresponding vulnerability scans; development of the metrics / trends of vulnerabilities, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations and build teams, and technical documentation summary and update as required. This role serves as a senior level technical security analyst who has the knowledge to create policies and execute vulnerability scans as needed, evaluates the vulnerability scan data and control implementation and who can provide thoughtful recommendations, as well as conduct security impact analysis of changes to the environments. This role must communicate between security, engineering, build/development and operations teams daily, and be able to interpret and document the results of data gathering.
GENERAL RESPONSIBILITIES:
  • Configuration, Execution and Analysis of vulnerability scans
  • Ability to interpret and assess network diagrams and drawings using Visio.
  • Identify and assess Cloud System state, including vulnerabilities, RMF package status/accreditation model, PPS compliance, and patching, Cyber Security Vulnerability Assessments (CSVA) mechanisms.
  • Demonstrate familiarity with current FedRAMP, DOD and NIST Security controls and technologies, including vulnerability management capabilities.
  • Understand enterprise operating environments, including security posture, application environment, and associated security controls
  • Understand/document information system specifications and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
  • Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, operations and build teams
  • Develop security documentation input of technical control implementation
  • Understand the intent of the FedRAMP moderate security controls, FISMA security controls and communicate as needed
  • Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of security engineering, build and operations teams through training and mock interviews, update implementation language in the security documentation and develop processes as required, and support FedRAMP PMO/ Agency / CISO requests
  • Maintain and update a monthly Plan of Actions and Milestones (POAM), inventory and other continuous monitoring deliverables as appropriate
  • Ability to respond effectively to customer's concerns regarding ConMon activities

Qualifications
  • Bachelor's Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
  • Minimum 5 years Information Technology experience
  • Experience with Cloud technologies, especially AWS and Azure, desirable
  • Experience with FedRAMP and/or other authorization processes and NIST risk management framework
  • Execution and Analysis of vulnerability scans; such as but not limited to: Nessus/Security Center, WebInspect, etc.
  • Familiarity with Splunk to execute queries, search/review data for impact.
  • Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
  • Flexible, self-motivated, and able to work independently in a fast paced environment
  • Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
  • Skill in preparing and making written and oral presentations of complex technical nature.
  • Demonstrated ability to coordinate multiple tasks
  • U.S. Citizenship

SPECIFIC TECHNICAL SKILLS DESIRED:
  • Professional industry certifications in area of expertise.
  • Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)
  • ISC2 CISSP or ISACA CISM or equivalent certification

Additional Information
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.