Continuous Monitoring Jobs (NOW HIRING)

Job Summary:
Chenega MIOS is a company that supports large-scale government operations by leveraging cutting-edge technology. They are seeking a Cybersecurity Analyst to support Department of Defense cybersecurity operations by executing vulnerability management, security compliance, and Continuous Monitoring activities in accordance with the Risk Management Framework.
Responsibilities:
• Perform vulnerability scanning using Assured Compliance Assessment Solution (ACAS) (e.g., Tenable.sc / Nessus).
• Enforcing the ACAS best practice guide requirements when performing vulnerability scans in ACAS
• Analyze scan results to identify vulnerabilities, misconfigurations, and compliance gaps.
• Validate findings against the latest released DISA STIGs and applicable security baselines.
• Review of provided checklists and working with system admins in identifying gaps for POA&M creation.
• Assess and track vulnerabilities in accordance with DoD timelines and risk severity.
• Correlate vulnerabilities with IAVA/IAVM notices and ensure timely remediation or mitigation.
• Develop and maintain Plan of Action and Milestones (POA&M) documentation.
• Maintenance of Risk Acceptance (RA) POA&M items within SOR (System of Record) and coordinating with System administrators to validate that RA is required instead of a POA&M.
• Apply and validate Security Technical Implementation Guides (STIGs) across operating systems, applications, and network devices.
• Conduct manual and automated STIG compliance checks using tools such as ACAS Audit checks, STIG Viewer, SCAP Compliance Checker (SCC), and Evaluate-STIG.
• Document compliance status and provide remediation guidance to system administrators.
• Support system hardening efforts aligned with DoD baseline configurations.
• Ensure that golden images are maintained for Servers (RHEL and Windows) and Workstations following STIG guidance.
• Monitor and assess Information Assurance Vulnerability Alerts (IAVAs) and Bulletins (IAVBs).
• Determine system applicability and operational impact.
• Coordinate remediation actions and track compliance deadlines.
• Maintain IAVA compliance reporting and documentation for audits.
• Execute Continuous Monitoring activities in accordance with RMF Step 6.
• Monitor security controls for effectiveness and ongoing compliance.
• Conduct control assessments and assist with periodic security reviews.
• Support automated and manual data collection for ConMon dashboards and reporting.
• Identify trends, recurring issues, and systemic risks across systems.
• Support RMF activities across all six steps, with emphasis on:
• Control implementation validation
• Security control assessment support
• Ongoing authorization (ATO sustainment)
• Update and maintain RMF artifacts, including:
• System Security Plan (SSP)
• Security Assessment Report (SAR)
• Plan of Action and Milestones (POA&M)
• Security Assessment Plan (SAP)
• Map vulnerabilities and findings to NIST SP 800-53 controls.
• Generate vulnerability and compliance reports for leadership and Authorizing Officials (AOs).
• Provide risk-based recommendations and remediation strategies.
• Maintain audit-ready documentation in accordance with DoD and agency requirements.
• Other duties as assigned
Qualifications:
Required:
• High school diploma or GED equivalent
• 5+ years of experience in DoD cybersecurity or RMF-based environments
• Hands-on experience with: ACAS (Nessus / Tenable.sc), STIG implementation and validation, IAVA/IAVM processes, Experience with vulnerability assessment, risk analysis, and remediation tracking.
• DoD 8570/8140 Compliance: Must meet IAT Level II requirements (e.g., Security+)
• Active DoD Top Secret clearance with SCI eligibility.
• Strong understanding of: DoD RMF (DoDI 8510.01), NIST SP 800-53 security controls
• Ability to manage multiple systems and priorities in a regulated environment
• Strong analytical and problem-solving skills
• Attention to detail and compliance rigor
• Ability to translate technical risk into mission impact
• Effective communication with technical and non-technical stakeholders
Preferred:
• Relevant certifications: Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH) or equivalent, DISA ACAS Training Certificate
• Experience with: ACAS, SCAP Compliance Checker (SCC) / Evaluate-STIG, STIG Viewer, eMASS, Xacta, Trellix, MDE, Splunk, Elastic
• Familiarity with scripting (e.g., PowerShell, Python) for automation.
• Experience in enterprise-level ConMon programs or NOSC/SOC environments.
Company:
Chenega MIOS (Military, Intelligence, and Operations Support) brings together a family of high‑performing companies united by a common purpose: supporting the most critical missions of the federal government, the Department of Defense, and the Intelligence Community. Founded in 2010, the company is headquartered in Lorton, VA, US, , with a team of 1001-5000 employees. The company is currently Late Stage.