
Information Security Analyst/Senior - Point Mugu, CA
F3EA, Inc., California, MO, United States
Job Summary
F3EA is seeking a Senior Information Security Analyst to support Blue Water Instrumentation (BWI) RDT&E Tranche 1 operations at the Point Mugu Sea Range. This role is responsible for the assessment, monitoring, and compliance reporting of cybersecurity controls across R&D test environments, prototype systems, developmental networks, and data pipelines supporting maritime instrumentation, telemetry, Command-and-Control experimentation, and AI-Driven Instrumentation (AIDI) activities.
The Senior Information Security Analyst will assess security posture, validate compliance, track POA&M burndown, and report findings to program leadership and Government stakeholders. This role operates under the guidance of the program's ISSM or ISSE and focuses on analysis, assessment, and documentation rather than system design or security architecture. The analyst coordinates with Government cybersecurity authorities on test environment authorizations in a contractor support capacity.
Continuous monitoring and compliance activities are scaled to developmental use and tied to scheduled RDT&E event windows rather than enterprise-grade 24/7 operations. This position ensures that security compliance is continuously assessed and clearly communicated, enabling informed risk decisions without impeding innovation, prototyping, and testing.
Roles and Responsibilities
Assess system configurations and validate compliance of R&D test environments and prototype systems with DoD cybersecurity requirements (RMF per DoDI 8510.01, NIST SP 800-53, CNSSI 1253, DoD Zero Trust Reference Architecture, and EO 14028)
Conduct scheduled and ad-hoc vulnerability scans using ACAS/Tenable Nessus and SCAP Compliance Checker (SCC) scaled to developmental use; analyze results and produce findings reports with remediation recommendations
Validate DISA STIG compliance across Windows, Linux, and network infrastructure in R&D test environments using STIG Viewer; document deviations and track remediation
Support development, review, and maintenance of IATT and limited ATO authorization package artifacts within eMASS, including SSPs, POA&Ms, risk assessments, and inheritance mappings (CDRL A007)
Develop and maintain security control inheritance mappings identifying which controls inherit from the range/enclave authorization versus system-specific implementations
Own POA&M burndown tracking and reporting as a primary deliverable tied to PRS metrics; coordinate remediation timelines with engineering and IT teams
Monitor systems for security events and anomalies using SIEM tools (Splunk or equivalent) during scheduled RDT&E event windows; elevate and document incidents per established IR procedures
Conduct security control assessments per NIST SP 800-53A; document assessment results and maintain assessment evidence for R&D test environments
Assess cybersecurity compliance of DoD Cloud SRG-aligned test environments, including IL6 and other applicable impact levels supporting AIDI/data pipelines
Maintain comprehensive documentation of security controls, compliance status, risk posture, residual risk mitigations, and continuous monitoring activities scaled to developmental use
Support audit readiness by preparing compliance packages, briefings, and evidence for NAVAIR, NAWCWD, and other Government stakeholders
Review and validate security configurations proposed by engineering teams; provide risk analysis and compliance feedback
Validate proper handling, marking, and protection of CUI, COMSEC material, ITAR/EAR-controlled technical data, and distribution-limited information per applicable policy
Coordinate with Government cybersecurity authorities (ISSM, AO, SCA) on test environment authorizations in a contractor support capacity
Support CAC/SAAR process compliance validation and PKI/email encryption compliance per DoD policy
Generate recurring and ad-hoc security posture reports, metrics dashboards, POA&M burndown reports, and compliance scorecards for program and Government leadership
Maintain current knowledge of emerging threats, vulnerabilities, and changes to DoD/DoN cybersecurity policy; advise program leadership on impacts to R&D test environments
Supervisory Responsibilities
None - May provide mentorship and analytical guidance to junior security personnel.
Required Qualifications and Education
Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent combination of education and experience)
10+ years of experience in cybersecurity analysis, information assurance, compliance, or information security assessment roles within DoD/DoN environments
Strong working knowledge of DoD cybersecurity frameworks: RMF (DoDI 8510.01), NIST SP 800-53, NIST SP 800-171, CNSSI 1253, and DoD Zero Trust Reference Architecture
Demonstrated experience supporting IATT and ATO processes and managing RMF artifacts, inheritance mappings, and POA&Ms within eMASS
Hands-on proficiency with ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and DISA STIG Viewer
Experience with SIEM platforms (Splunk preferred) for security event monitoring and analysis
Familiarity with DoD Cloud Security Requirements Guide (SRG) and compliance assessment of cloud-based test environments (IL4/IL5/IL6)
Strong understanding of security control assessment methodologies per NIST SP 800-53A
Familiarity with POA&M management, continuous monitoring processes, and compliance reporting
Understanding of COMSEC compliance validation requirements
Strong analytical, written communication, and briefing/presentation skills
Ability to work independently, prioritize competing assessment deadlines, and make risk-informed recommendations
U.S. citizenship required
Active DoD Secret clearance required; TS/SCI eligibility preferred; must be eligible for SAP access based on tasking
One or more of the following, commensurate with IAM Level II/III:
CISSP (Certified Information Systems Security Professional)
CISM (Certified Information Security Manager)
CASP+ (CompTIA Advanced Security Practitioner)
Security+ CE (minimum for IAM Level II)
Preferred Qualifications and Education
Experience supporting DoD test ranges, RDT&E programs, NAWCWD, NAVAIR, or Point Mugu Sea Range environments
Experience assessing developmental, prototype, or field-deployable systems at TRL 4-6
Familiarity with CMMC 2.0 Level 2 requirements and contractor compliance assessment
Familiarity with cross-domain solution (CDS) compliance requirements
Knowledge of TEMPEST/EMSEC compliance considerations in range environments
Experience with OT/IT convergence security assessment in instrumentation, telemetry, or USV/autonomous platform networks
Familiarity with DoD Cloud SRG IL6 compliance assessment
Familiarity with IRIG-106 and T&E range data standards
Experience with EO 14028 compliance assessment in DoD environments
COMSEC compliance validation experience
ITAR/EAR data handling compliance requirements familiarity
Experience supporting FMS (Foreign Military Sales) program security requirements
Additional certifications: CAP (Certified Authorization Professional), CISA, CEH, CCSP, Tenable Certified, Splunk Core Certified User
Work authorization/security clearance requirements
Ability to obtain and maintain a Department of Defense security clearance.
Physical Demands/Work Environment
Combination of office, laboratory, and operational environments
Close coordination with IT, engineering, and program personnel
May require support during test events or elevated operational periods
Affirmative Action/EEO statement
F3EA, Inc. is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. F3EA, Inc. makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Other duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.