Senior Information Assurance / Cyber Analyst

About Concept Plus

Concept Plus is a mission-focused technology solutions provider that transforms IT concepts into impactful solutions for federal agencies. Headquartered in Fairfax, VA, we bring the agility, responsiveness, and customer intimacy of a small business combined with the quality and infrastructure of a larger firm.

Recognized as an award-winning Oracle partner, we have delivered innovative solutions across Defense, Intelligence, Civilian, Health IT, and Tribal sectors. Our highly certified experts build systems that drive efficiency, accelerate modernization, and ensure mission outcomes with certainty.

We offer competitive pay, comprehensive health, dental, and vision insurance, paid life insurance, paid time off, 11 paid holidays, performance bonuses, tuition reimbursement, unlimited training, and the opportunity to thrive in a collaborative, flexible, and innovative environment.

For more information, visit

About the role

Concept Plus is seeking a highly experienced Senior Information Assurance (IA) Cyber Analyst to join our team supporting a critical Air Force program. The program's systems are deployed across classified and unclassified environments, hosted in both DISA data centers and the cloud.


The successful candidate will be responsible for supporting the government Information System Security Manager (ISSM) in maintaining the system's cybersecurity posture in accordance with DoD and Air Force policies.


You will be responsible for preparing and maintaining the Risk Management Framework (RMF) package, conducting continuous monitoring, and working closely with technical teams to ensure security is integrated throughout the entire system's lifecycle. This role is pivotal in supporting the system's Authority to Operate (ATO) and ensuring robust security from development through production.


What you'll do

• Support the ISSM by preparing and maintaining the system's RMF package throughout its lifecycle using the eMASS tool.
• Develop, maintain, and update all required RMF documentation (SSP, SAR, POA&Ms, ISCM Plan, etc.).
• Conduct continuous monitoring, analyze vulnerability scan results, and track the remediation of vulnerabilities by applying DISA STIGs and IAVM-directed patches.
• Coordinate security engineering input into system designs and the implementation of security controls.
• Analyze results from SAST/DAST security scans (e.g., SonarQube, Checkmarx) and collaborate with the development team on remediation.
• Track and respond to cybersecurity incidents, ensuring timely reporting and effective recovery efforts.
• Ensure compliance with security requirements such as two-factor authentication, data-at-rest encryption, and FIPS standards.
• Document and report on cybersecurity performance, contributing to artifacts like the Software Cybersecurity Release Report
• Act as a primary cybersecurity subject matter expert, providing guidance and support to the ISSM and program leadership.
• Participating in Agile/DevSecOps development cycles, ensuring security is integrated from concept to deployment.
• Review and validate system architecture, configuration changes, and release plans for security impacts.
• Prepare for and participate in security assessments, audits, and inspections.
• Liaise with external security stakeholders and accrediting authorities as directed.

Required Qualifications

• US Citizenship Required
• Ability to obtain and/or maintain a Secret Clearance
• DoD 8140 intermediate certification or DoD 8570 IAM Level II certifications or higher
• Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• Must meet DoD 8140 (formerly 8570) IAM Level II certification requirements (e.g., CISSP, CISM, CASP+ CE).
• 5-7 years of experience in Federal and DoD cybersecurity compliance.
• Expert knowledge of DoD/Air Force cybersecurity mandates, including RMF, DISA STIGs, and the IAVM process.
• Hands-on proficiency with cybersecurity tools such as eMASS, Nessus, SonarQube, and/or Checkmarx.
• Strong understanding of NIST 800-53 security controls.

Preferred Qualifications

• Experience in a U.S. Air Force program environment.
• Knowledge of specific Air Force policies such as AFMAN 17-1301 and 17-1303.
• Hands-on experience with additional security tools like Trivy or Dependency Track.
• Experience securing systems in an AWS GovCloud environment.
• Experience working in an Agile development environment.

Concept Plus is an Equal Opportunity Employer. As such, we will give your application full consideration without regard to your race, color, religion, sex, age, national origin, disability, veteran status, sexual orientation, gender identity, or any other classification protected by federal, state, or local law.