Assessment and Authorization (A&A) Analyst (Journeyman)

Assessment and Authorization (A&A) Analyst (Journeyman)

Please Note:  This position is pending a contract award.  If you are interested in a future with Cherokee Federal, APPLY TODAY!  Although this is not an approved position, we are accepting applications for this future and anticipated need.

This position requires an active Public Trust clearance or the ability to obtain a  Public Trust clearance to be considered. 

Cherokee Nation System Solutions, LLC is seeking a motivated and detail-oriented Assessment and Authorization Analyst (Journeyman) to join our team supporting the U.S. National Science Foundation (NSF). The ideal candidate will assist in the security authorization process of IT systems to ensure compliance with federal security standards, including FISMA, NIST, and other relevant cybersecurity frameworks. As an A&A Analyst, you will play an important role in helping NSF assess and maintain the security posture of their information systems by supporting the preparation and submission of authorization packages.

This is an excellent opportunity for early-career professionals looking to grow their expertise in cybersecurity and risk management within the federal sector.

Compensation & Benefits:

• Estimated Starting Salary Range for Assessment and Authorization (A&A) Analyst (Journeyman): Pay commensurate with experience.
• Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided.  Benefits are subject to change with or without notice.

Assessment and Authorization (A&A) Analyst (Journeyman) Responsibilities Include: 

• NSF Assessment and Authorization (A&A) Process: Assist in preparing, documenting, and submitting A&A packages for federal IT systems in compliance with FedRAMP, FISMA, NIST 800-53, NIST 800-37, and related standards.
• System Security Plans (SSPs): Develop, review, and maintain SSPs detailing implemented security controls.
• Risk Assessments: Conduct risk and security control assessments to identify vulnerabilities, threats, and impacts.
• Security Control Documentation: Document and track security controls throughout the A&A and continuous monitoring phases.
• Control Verification: Ensure proper implementation and functionality of security controls per federal regulations.
• Continuous Monitoring: Monitor systems post-authorization, assessing and documenting changes to configurations or security controls.
• Compliance Assessments: Perform compliance audits and updates to ensure systems meet regulatory and contractual requirements.
• Critical Software Documentation: Maintain NSF's repository of critical software self-attestations in compliance with OMB M-22-18 and OMB M-23-16.
• Reporting and Documentation: Prepare documentation for A&A activities, including POA&Ms, risk assessments, and required artifacts.
• Collaboration: Work with Infrastructure Services, Security Services, Oversight and Compliance, and other teams to support the security authorization lifecycle.
• Training and Development: Stay informed on evolving cybersecurity practices, federal guidance, and participate in professional development.
• Security Baselines: Assist the Security Configuration Management Lead in customizing audit files based on STIGs and CIS benchmarks for use with Tenable.sc as needed.
• Performs other job-related duties as assigned

Assessment and Authorization (A&A) Analyst (Journeyman) Experience, Education, Skills, Abilities requested: 

• Bachelor’s degree in Cybersecurity, IT, Computer Science, or related field, or equivalent experience.
• Minimum 2 years in cybersecurity, risk management, or A&A processes. Familiarity with SSPs, POA&Ms, or related documentation is a plus.
• Security required. Preferred certifications include CISA, CISSP, or CISM.
• Strong understanding of federal cybersecurity regulations (e.g., FISMA, NIST SP 800-53, FedRAMP) and NIST Risk Management framework.
• Basic understanding of security controls, risk management, and federal security regulations.
• Strong attention to detail, organizational, and communication skills.
• Proficiency in Microsoft Office Suite, Teams, Adobe Acrobat Pro, and Zoom.
• Ability to learn new tools and processes quickly and work independently or collaboratively.
• Preferred Qualifications:
• Familiarity with tools like Tenable.sc, Nessus, or Splunk.
• Knowledge of authorization management tools (e.g., CSAM, ServiceNow, or similar platforms).
• Knowledge of authorization management platforms (e.g., CSAM, ServiceNow).
• Understanding of network security, encryption, and cloud security best practices for platforms like AWS or Azure.
• Must pass pre-employment qualifications of Cherokee Federal

Company Information:

Cherokee Nation System Solutions (CNSS) is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about CNSS, visit cherokee-federal.com.

#CherokeeFederal #LI #LI-REMOTE

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Keywords

• Assessment and Authorization (A&A)
• NIST Risk Management Framework
• Cybersecurity Compliance
• System Security Plans (SSPs)
• Federal IT Security

Similar Job Titles

• Information Systems Security Analyst
• Cybersecurity Compliance Specialist
• Risk Management Analyst
• IT Security Consultant
• Security Control Assessor (SCA)

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.

Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.