1

Fisma Analyst Jobs (NOW HIRING)

System Technical Security Analyst Location of Services: Herndon, VA 20171 (Remote) Employment Type ... FTE + Benefits Client is supporting the FedRAMP and FISMA authorization(s) of new Cloud Products ...

System Technical Security Analyst Location of Services: Herndon, VA 20171 (Remote) Employment Type ... FTE + Benefits Client is supporting the FedRAMP and FISMA authorization(s) of new Cloud Products ...

Information Security Analyst

Atlanta, GA ยท On-site

$40 - $50/hr

Support internal and external audits (IRS, CMS, SSA, NIST, FISMA) with required documentation and ... Triage and analyze security incidents across enterprise systems. * Collaborate with IT and business ...

FTE + Benefits Remote: 80% (4 days a week) Supports the FedRAMP and FISMA authorization(s) of new ... This role serves as a "hands-on" senior-level technical security analyst responsible for ...

Perform ongoing analysis and review of security policies and standards to ensure accuracy, completeness, and consistency with NIST 800-53, NIST CSF, OMB guidance, FISMA, and other applicable mandates.

New

Scorecard, FISMA, Cybersecurity Workforce (CSWF), etc.). Coordinating with all applicable agencies ... and strong analytical skills. * U.S. Citizenship and an active Top-Secret clearance with the ...

FTE + Benefits Remote: 80% (4 days a week) Client supports the FedRAMP and FISMA authorization(s ... This role serves as a "hands-on" senior-level technical security analyst responsible for ...

FTE + Benefits Remote: 80% (4 days a week) Client supports the FedRAMP and FISMA authorization(s ... This role serves as a "hands-on" senior-level technical security analyst responsible for ...

FTE + Benefits Remote: 80% (4 days a week) Supports the FedRAMP and FISMA authorization(s) of new ... This role serves as a "hands-on" senior-level technical security analyst responsible for ...

Cybersecurity Compliance Analyst

Arlington, VA ยท On-site

$80K - $120K/yr

Scorecard, FISMA, Cybersecurity Workforce (CSWF), etc.). Coordinating with all applicable agencies ... and strong analytical skills. * U.S. Citizenship and an active Top-Secret clearance with the ...

next page

Showing results 1-20

Fisma Analyst information

See salary details

$16

$31

$48

How much do fisma analyst jobs pay per hour?

As of Jul 17, 2026, the average hourly pay for fisma analyst in the United States is $31.53, according to ZipRecruiter salary data. Most workers in this role earn between $25.24 and $35.82 per hour, depending on experience, location, and employer.

What are the key skills and qualifications needed to thrive as a FISMA Analyst, and why are they important?

To thrive as a FISMA Analyst, you need strong knowledge of information security principles, risk assessment, and compliance frameworks, often supported by a degree in cybersecurity or related fields. Familiarity with tools like NIST RMF, vulnerability scanners, and certifications such as CISSP or CISA are typical requirements. Analytical thinking, attention to detail, and effective communication are vital soft skills for interpreting regulations and working with teams. These skills ensure organizations maintain compliance with federal security standards, protecting sensitive information and reducing risk.

What are some common challenges FISMA Analysts face when ensuring compliance across multiple departments?

FISMA Analysts often encounter challenges coordinating with various departments to gather necessary documentation and enforce standardized security practices. Each department may have different systems, risk tolerances, and levels of security awareness, making it crucial for FISMA Analysts to communicate requirements clearly and foster collaboration. Additionally, keeping up with evolving federal regulations and ensuring timely completion of assessments can be demanding. Building strong relationships and maintaining organized tracking systems are key strategies to overcome these hurdles.

What are FISMA Analysts?

FISMA Analysts are professionals who ensure that organizations comply with the Federal Information Security Management Act (FISMA). They assess and monitor the security of information systems, perform risk assessments, and help implement security controls to protect federal data. Their work involves preparing documentation, conducting audits, and coordinating with other stakeholders to ensure continuous compliance. FISMA Analysts play a critical role in safeguarding government information and supporting cybersecurity best practices within federal agencies.

What is the difference between Fisma Analyst vs Security Analyst?

AspectFisma AnalystSecurity Analyst
CertificationsFISMA-related certifications, CISSP, CISACISSP, Security+, CEH
Work EnvironmentGovernment agencies, federal contractorsPrivate sector, corporations, government
Primary FocusFederal compliance, FISMA regulationsCybersecurity threats, network security
Industry UsageHigh in government and defenseBroad across industries

Fisma Analysts primarily focus on federal compliance with FISMA regulations, working within government agencies or contractors. Security Analysts have a broader cybersecurity role, addressing threats and protecting networks across various industries. While both roles require cybersecurity certifications, Fisma Analysts specialize in compliance, whereas Security Analysts focus on threat mitigation.

More about Fisma Analyst jobs
System Technical Security Analyst

System Technical Security Analyst

FSR, LLC.

Herndon, VA โ€ข Remote

Full-time

Re-posted 28 days ago


Job description

Company Description

Entrusted by companies with challenging Cyber Security and IT data management recruiting needs, Flex Staffing Resources identifies exceptional talent and cutting edge companies and brings them together.ย 

Job Description

System Technical Security Analyst

Location of Services: Herndon, VA 20171 (Remote)

Employment Type: FTE + Benefits

Client is supporting the FedRAMP and FISMA authorization(s) of new Cloud Products and 3rd Party Applications into our various cloud environments. This effort requires security testing/assessment support, the knowledge/development of the appropriate security documentation (i.e., System Security Plan (SSP), plans and procedures), and ongoing continuous monitoring activities. This position is majority remote (post-pandemic).

This role serves as a "hands-on" senior-level technical security analyst responsible for interfacing with the build, operations and security engineering teams on security issues and information gathering; creating and managing the Plan of Action and Milestones (POAM) for multiple environments, configuration/execution/analysis of vulnerability scans, gathering the security control implementations information for the technical controls and documenting their implementation in the SSP.

Additionally, this role will assist with the security assessments, and continuous monitoring evidence for any of the CLIENT environments (corporate, commercial regulated, FedRAMP, DOD and International).

The Technical Security Analyst will be responsible for maintenance of the commercial and corporate environment POAM and analysis of the corresponding vulnerability scans; development of the metrics / trends of vulnerabilities, assisting with the FedRAMP or FISMA authorization processes to include prep of the operations and build teams, and technical documentation summary and update as required. This role serves as a senior level technical security analyst who has the knowledge to create policies and execute vulnerability scans as needed, evaluates the vulnerability scan data and control implementation and who can provide thoughtful recommendations, as well as conduct security impact analysis of changes to the environments. This role must communicate between security, engineering, build/development and operations teams daily, and be able to interpret and document the results of data gathering.

GENERAL RESPONSIBILITES:

  • Configuration, Execution and Analysis of vulnerability scans
  • Ability to interpret and assess network diagrams and drawings using Visio.
  • Identify and assessย Cloud Systemย state, including vulnerabilities, RMF package status/accreditation model,ย PPS compliance, and patching,ย Cyber Security Vulnerability Assessmentsย (CSVA) mechanisms.
  • Demonstrate familiarity with current FedRAMP, DOD and NIST Security controls and technologies, including vulnerability management capabilities.
  • Understand enterprise operating environments, including security posture, application environment, and associated security controls
  • Understand/document information system specificationsย and security controls, including logical and physical diagrams, connectivity, communication, and data flow diagrams, both internal and external to the system.
  • Gather information, architecture diagrams and implementation of the security controls through interfacing with the security engineering, operations and build teams
  • Develop security documentation input of technical control implementation
  • Understand the intent of the FedRAMP moderate security controls, FISMA security controls and communicate as needed
  • Assist with the FedRAMP or FISMA authorization to include, but not limited to, prep of security engineering, build and operations teams through training and mock interviews, update implementation language in the security documentation and develop processes as required, and support FedRAMP PMO/ Agency / CISO requests
  • Maintain and update a monthly Plan of Actions and Milestones (POAM), inventory and other continuous monitoring deliverables as appropriate
  • Ability to respond effectively to customer's concerns regarding ConMon activities
Qualifications
  • Bachelor's Degree in Computer Science / MIS / Information Technology, or equivalent experience in Information Security, Information Technology, or related technical discipline
  • Minimum 5 years Information Technology experience
  • Experience with Cloud technologies, especially AWS and Azure, desirable
  • Experience with FedRAMPย and/or other authorization processes and NIST risk management framework
  • Execution and Analysis of vulnerability scans; such as but not limited to:ย Nessus/Security Center, WebInspect, etc.
  • Familiarity with Splunkย to execute queries, search/review data for impact.
  • Experience in developing, evaluating, and implementing information security architectures, technologies, standards, and practices to secure applications and IT systems, desirable
  • Flexible, self-motivated, and able to work independently in a fast paced environment
  • Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.
  • Skill in preparing and making written and oral presentations of complex technical nature.
  • Demonstrated ability to coordinate multiple tasks
  • U.S. Citizenship

SPECIFIC TECHNICAL SKILLS DESIRED:

  • Professional industry certifications in area of expertise.
  • Knowledge of Best Practice and security guides (ex. NIST 800-53 rev 4, NIST 800-53, FedRAMP)
  • ISC CISSP or ISACA CISM or equivalent certification
Additional Information

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.