Security & Compliance Analyst (for Proposal bid)
Job Description:
The Security & Compliance Analyst will provide specialized support to ensure that all cloud modernization and sustainment activities for Rural Development (RD) applications meet federal security, privacy, and compliance requirements within the FedRAMP Moderate government cloud.
Note: This role is for a proposal. Offer will be contingent upon proposal award which is scheduled for approximately
Duties/ Responsibilities
• Conduct application-level security architecture reviews and gap assessments against USDA security baselines, FedRAMP, FISMA, and NIST 800-53 control requirements.
• Develop and maintain security control traceability, mapping application architectures and implementations to NIST 800-53 and USDA/OCIO requirements, including FIPS 199 categorization and FISMA alignment.
• Prepare, review, and maintain ATO and RMF documentation for modernized applications, including SSP, PIA, PTA, ISA, MOU, and supporting artifacts.
• Track and support remediation of security findings and POA&Ms, coordinating with engineering, DevSecOps, and OCIO security teams to ensure timely closure and accurate status reporting.
• Advise on secure logging, monitoring, and audit strategies using OCIO-approved, CSP-native tools (e.g., Azure Monitor, AWS CloudWatch) while avoiding duplication of OCIO enterprise responsibilities.?
• Validate that DevSecOps pipelines include appropriate security scanning, compliance checks, and audit logging to meet FedRAMP, FISMA, and NIST 800-53 requirements.
• Support Section 508, records management, and privacy obligations as they relate to application modernization deliverables, including verification that artifacts and solutions meet USDA accessibility and records standards.
• Participate in risk assessments, change reviews, and modernization planning to identify security and compliance impacts and recommend mitigation strategies.
• Contribute to security-related training, operational runbooks, incident response playbooks, and knowledge transfer materials for RD operations and security teams.
Required Skills/Abilities
• In-depth knowledge of FedRAMP, FISMA, NIST 800-53, RMF, and federal security and privacy statutes and policies applicable to USDA.
• Demonstrated experience preparing and maintaining ATO documentation (SSP, PIA, PTA, ISA, MOU) and supporting POA&M tracking and remediation.
• One or more relevant security certifications (e.g., CISSP, CISM, CISA, CCSP or similar).
• Familiarity with cloud security concepts and controls in major CSPs (e.g., Azure, AWS), including logging, monitoring, identity and access management, and encryption.
• U.S. Citizenship required
Nice to Have Skills
• Prior experience supporting security and compliance for federal cloud migration or modernization projects, ideally within FedRAMP Moderate or higher environments.
• Experience collaborating with ISSOs, system owners, AO organizations, and enterprise security teams to navigate RMF and ATO processes.
• Knowledge of Section 508 accessibility requirements, federal records management obligations, and USDA or similar departmental directives.
Education and Experience:
• Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, or a closely related field.
• One or more relevant security certifications (e.g., CISSP, CISM, CISA, CCSP or similar).
• Minimum 5 years of experience in federal IT security, compliance, and risk management, preferably with cloud or hybrid environments.
Travel Requirement:
• None
Clearance Requirement:
• Ability to obtain a Public Trust
Dynamo is a full lifecycle digital transformation company providing best-in-class technology and mission support services to our clients. Dynamo’s mission is to lead the digital transformation industry and provide best-in-class solutions for our clients with a truly human touch.
We leverage industry leading practices to empower our clients, ultimately providing them with the necessary tools, knowledge, and information required to successfully achieve their strategic goals, while optimizing their operations.
Through our partnerships, boldness, and authenticity, Dynamo goes against the grain of a traditional government contracting company by providing top-caliber team members, delivering quality results, and always exceeding expectations.
Dynamo Technologies is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, disability, protected veteran status, age, or any other characteristic protected by law. JFNDNP
Apply Now
Apply Now
The Security & Compliance Analyst will provide specialized support to ensure that all cloud modernization and sustainment activities for Rural Development (RD) applications meet federal security, privacy, and compliance requirements within the FedRAMP Moderate government cloud.
Note: This role is for a proposal. Offer will be contingent upon proposal award which is scheduled for approximately
Duties/ Responsibilities
• Conduct application-level security architecture reviews and gap assessments against USDA security baselines, FedRAMP, FISMA, and NIST 800-53 control requirements.
• Develop and maintain security control traceability, mapping application architectures and implementations to NIST 800-53 and USDA/OCIO requirements, including FIPS 199 categorization and FISMA alignment.
• Prepare, review, and maintain ATO and RMF documentation for modernized applications, including SSP, PIA, PTA, ISA, MOU, and supporting artifacts.
• Track and support remediation of security findings and POA&Ms, coordinating with engineering, DevSecOps, and OCIO security teams to ensure timely closure and accurate status reporting.
• Advise on secure logging, monitoring, and audit strategies using OCIO-approved, CSP-native tools (e.g., Azure Monitor, AWS CloudWatch) while avoiding duplication of OCIO enterprise responsibilities.?
• Validate that DevSecOps pipelines include appropriate security scanning, compliance checks, and audit logging to meet FedRAMP, FISMA, and NIST 800-53 requirements.
• Support Section 508, records management, and privacy obligations as they relate to application modernization deliverables, including verification that artifacts and solutions meet USDA accessibility and records standards.
• Participate in risk assessments, change reviews, and modernization planning to identify security and compliance impacts and recommend mitigation strategies.
• Contribute to security-related training, operational runbooks, incident response playbooks, and knowledge transfer materials for RD operations and security teams.
Required Skills/Abilities
• In-depth knowledge of FedRAMP, FISMA, NIST 800-53, RMF, and federal security and privacy statutes and policies applicable to USDA.
• Demonstrated experience preparing and maintaining ATO documentation (SSP, PIA, PTA, ISA, MOU) and supporting POA&M tracking and remediation.
• One or more relevant security certifications (e.g., CISSP, CISM, CISA, CCSP or similar).
• Familiarity with cloud security concepts and controls in major CSPs (e.g., Azure, AWS), including logging, monitoring, identity and access management, and encryption.
• U.S. Citizenship required
Nice to Have Skills
• Prior experience supporting security and compliance for federal cloud migration or modernization projects, ideally within FedRAMP Moderate or higher environments.
• Experience collaborating with ISSOs, system owners, AO organizations, and enterprise security teams to navigate RMF and ATO processes.
• Knowledge of Section 508 accessibility requirements, federal records management obligations, and USDA or similar departmental directives.
Education and Experience:
• Bachelor’s degree in Cybersecurity, Information Assurance, Information Systems, or a closely related field.
• One or more relevant security certifications (e.g., CISSP, CISM, CISA, CCSP or similar).
• Minimum 5 years of experience in federal IT security, compliance, and risk management, preferably with cloud or hybrid environments.
Travel Requirement:
• None
Clearance Requirement:
• Ability to obtain a Public Trust
Dynamo is a full lifecycle digital transformation company providing best-in-class technology and mission support services to our clients. Dynamo’s mission is to lead the digital transformation industry and provide best-in-class solutions for our clients with a truly human touch.
We leverage industry leading practices to empower our clients, ultimately providing them with the necessary tools, knowledge, and information required to successfully achieve their strategic goals, while optimizing their operations.
Through our partnerships, boldness, and authenticity, Dynamo goes against the grain of a traditional government contracting company by providing top-caliber team members, delivering quality results, and always exceeding expectations.
Dynamo Technologies is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, disability, protected veteran status, age, or any other characteristic protected by law. JFNDNP
Apply Now
Apply Now