Mid-Level Cybersecurity Analyst / Security Control Assessor

This role is fully remote and full-time. We cannot do C2C or C2H, only direct hires.

Bubbleware Technology is seeking a Mid-Level Cybersecurity Analyst / Security Control Assessor to support a federal cybersecurity program in a fully remote capacity. This role will support security control assessments, RMF/ATO activities, vulnerability review, POA&M development, continuous monitoring, and federal cybersecurity documentation. Candidates should have experience with NIST SP 800-53, FISMA, federal security assessment processes, and the ability to obtain and maintain a Public Trust clearance.

Key tasks include software analysis, design, development, troubleshooting, and providing effective solutions to production problems. You’ll also have the opportunity to work on the creation of new software products and enhancements to existing ones.

We’re looking for a problem solver with a robust understanding of front-end and back-end technologies. This is your chance to work on challenging projects, grow your skills, and make a significant impact on our success. Ready for the challenge? Apply today!

About the Role

Bubbleware Technology is seeking a Mid-Level Cybersecurity Analyst / Security Control Assessor to support a federal cybersecurity program. This role will focus on security control assessments, federal cybersecurity compliance, vulnerability review, ATO support, POA&M development, and continuous monitoring activities.

The ideal candidate has experience supporting federal systems and understands how to evaluate, document, and communicate cybersecurity risks in alignment with federal security requirements.

This is a fully remote, full-time position supporting a federal contract.

Responsibilities

The Cybersecurity Analyst / Security Control Assessor will support activities such as:

  • Conduct security control assessments for federal systems and applications.
  • Review system security plans and related cybersecurity documentation.
  • Evaluate security controls against federal requirements and NIST guidance.
  • Document assessment findings and help prepare clear, detailed reports.
  • Support Authorization to Operate, or ATO, activities.
  • Assist with vulnerability assessments and review of security findings.
  • Help develop and maintain Plans of Action and Milestones, or POA&Ms.
  • Support continuous monitoring activities.
  • Maintain assessment documentation, evidence, and security artifacts.
  • Participate in cybersecurity working groups, technical meetings, and status discussions.
  • Collaborate with system owners, technical teams, ISSOs, and federal stakeholders.
  • Provide recommendations for remediation of security findings.

Required Qualifications

  • 3+ years of cybersecurity, information security, IT security, or related experience.
  • Experience supporting federal, government, or regulated environments.
  • Familiarity with federal cybersecurity requirements and security assessment processes.
  • Understanding of NIST SP 800-53 security controls.
  • Familiarity with the Risk Management Framework, or RMF.
  • Knowledge of FISMA cybersecurity requirements.
  • Experience reviewing security documentation and assessment evidence.
  • Strong technical writing, documentation, and communication skills.
  • Ability to work independently in a remote environment.
  • Proficiency with Microsoft Office tools, especially Word and Excel.
  • Ability to obtain and maintain a federal Public Trust clearance.

Preferred Qualifications

  • 3+ years of direct experience conducting security control assessments.
  • Experience supporting ATO, A&A, RMF, or continuous monitoring activities.
  • Experience with vulnerability scanning tools such as Nessus, Tenable, Qualys, or similar tools.
  • Experience preparing or reviewing SSPs, SARs, POA&Ms, risk assessments, or control implementation statements.
  • Security+ or higher cybersecurity certification.
  • CISSP, CISA, CGRC, CAP, CySA+, or similar certification.
  • Experience with FedRAMP, cloud security, AWS, Azure, or GCP.
  • Experience with federal government contracting.
  • Familiarity with DevSecOps practices.
  • Experience with security compliance frameworks.
  • Scripting experience with Python, PowerShell, or similar tools is a plus.
  • Prior federal civilian agency experience is a plus.

Let's Work Together.

Interested in this position? Please apply via the link to a Google Form below.

Remote!

Always fully remote

Mon - Fri

9 am – 3:30 pm CDT typical core hours

Submit resume!
