System Assessments and Authorization (SA&A) Analyst

Clearance Level
Cyber Security
Bethesda, Maryland

REQ#: RQ58107

Travel Required: None
Public Trust: NACI (T1)
Requisition Type: Regular

We are seeking a Cyber Security Assessor t to join our team to support the Office of the Director (OD) within the National Institutes of Health (NIH) in Bethesda, MD. As a Cyber Security Assessor, you will be part of our System Assessments and Authorization (SA&A) Security team who maintain security systems and conduct security operations for accredited infrastructures and applications supporting approximately 2,700 users at OD and work alongside other GDIT staff who provide Desktop Support, Network Operations, Web Development, Customer Relations and Program Management support.

As a key participant within a cohesive Information Assurance (IA) and security engineering team, you will share responsibilities for conducting FISMA-compliant System Assessments and Authorization (SA&A) and maintaining continuous Approval To Operate (ATO) for customer built and maintained applications supporting the OD so it can carry out its mission of supporting innovative scientific research.

In this role, a typical day will include:

  • Participate in the assessment of low, moderate, and high impact information systems to include Cloud service offerings.
  • Complete comprehensive test plans for identified security controls following NIST 800-53a, FedRAMP guidance, and/or agency-specific guidance.
  • Produce complete, accurate, and timely findings reports using client defined templates
  • Review and analyze needed updates to existing set of security documents (e.g., system boundaries, privacy impact assessments [PIAs], system security plans [SSPs], risk assessments [RAs], memoranda of understanding, interconnection security agreements, contingency plans [CPs], etc.)
  • Maintain currency on latest security vulnerabilities and options for mitigation.
  • Develop risk mitigations and recommendations for identified security assessment findings.
  • Review system categorization and associated controls.
  • Establish and maintain professional relationships with clients, customers, and team members and escalate issues when necessary.
  • Maintain currency in federal cybersecurity policy, e.g., Office of Management and Budget (OMB) Memorandum, NIST Special Publications, and FedRAMP.

Required Qualifications:

  • BS degree in Computer Science or Information Technology and two years’ experience or a MS in a related field
  • Experience performing Certification & Accreditation (C&A), System Assessment & Authorization (SA&A) as part of NIST SP 800-37 Risk Management Framework (RMF) system and application accreditation.
  • Experience performing Independent Security Assessment and Reporting (SAR) as part of application System Development Lifecycle (SDLC).
  • Experience performing Security control assessments as part of Continuous Monitoring NIST SP 800-53 V4 compliance sustainment for application, infrastructure, and network.
  • Experience drafting SOPs and technical work instructions.
  • Must have an ITIL Foundations Certificate or be able to obtain within six months of employment.
  • Must be able to obtain and maintain a NIH Public Trust.

Preferred Qualifications:

  • degree in Computer Science or Information Technology
  • Three years experience in Cyber Security field
  • Experience with federal regulations and security compliance requirements for civilian federal agencies (FISMA, NIST 800 series, OMB A-130, FedRAMP, etc.)
  • Experience conducting security control assessments/audits using NIST SP 800-53, including preparation of complete authorization packages.
  • Minimum of one experience conducting FedRAMP Readiness Assessments for FedRAMP cloud environments or knowledge of cloud security.
  • CompTIA Security+ ce, Certified Authorization Professional (CAP), or Certified in Risk and Information Systems Control (CRISC)

Attributes for Success:

  • Strong written and verbal communication skills.
  • The successful candidate will be able to communicate technical subjects effectively in both verbal and written mediums to both technical and non-technical audiences.
  • Resourcefulness and problem-solving aptitude.
  • Desire to work in a team environment and strong work ethic.


Opportunity Owned

Discover more at  

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.