Tista Science and Technology Corporation

  • FISMA/FedRAMP Analyst

    Job ID 2019-1668
    Job Locations US-MD-Bethesda
  • Overview

    TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology's FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development.


    Here at TISTA Science and Technology we value our Veterans and encourage all to apply!


    TISTA Science and Technology is seeking a FISMA/FedRAMP Analyst with a strong background in Cloud Computing and FedRAMP to join our growing team!


    The ideal candidate for this position is a security professional with experience in implementing and communicating Federal Risk Authorization Management Program (FedRAMP) and Federal Information Security Modernization Act (FISMA) compliance for the Federal government. The Analyst is responsible for helping to build and mature the agency’s Information Security Program by focusing on the Risk Management and Security Authorization activities in accordance with the applicable National Institute of Standards and Technology (NIST) 800 series guidelines and the Federal Information Processing Standards (FIPS). The Analyst will report to the Team Lead and perform and manage tasks related to the entire Assessment and Authorization (A&A) lifecycle.


    • Develop and update the information systems security documentation templates (e.g. System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.) based onchanging NIST and federal guidance
    • Train and Assist System Owners, ISSOs and other Stakeholders in understanding documentation requirements. Review completed templates to ensure completeness and accuracy
    • Assist in coordinating remediation of Plan of Action and Milestones (POA&M) findings with various organizations within the enterprise
    • Respond to multiple customer inquiries regarding A&A utilizing a ticketing system; ensure timely and complete responses occur
    • Develop and process waivers and exceptions for information system weaknesses and vulnerabilities
    • Facilitate Security Control Assessments (SCAs) and possibly other advanced-level Continuous Monitoring Activities within cloud-based environments
    • Work with the clients to develop capabilities briefings and presentations in support of the program
    • Coordinate with ISSOs across the organization to ensure timely compliance with Federal and organizational policies and procedures
    • Produce required reporting for various management levels
    • Conduct a FedRAMP readiness study to provide the Agency with an assessment of their capabilities to achieve FedRAMP accreditation. This includes performing a current state FedRAMP readiness review of the Agency on-premises cloud capabilities and providing the Agency with a roadmap to become FedRAMP accredited
    • Lead the development, assessment, and analyzing of cyber security documentation for client information systems in accordance with FISMA, NIST RMF for Federal Agencies, RMF, FedRAMP, and departmental standards
    • Provide guidance to clients for FedRAMP and Cloud Security
    • Develop and maintain the Fed PaaS Technology Roadmap that incorporates Fed Cloud, Fed NonCloud, NIST Cloud, and AWS GovCloud environments


    • Minimum of 5 years of experience with three years specialized in information security-related work
    • Strong customer-service attitude, ability to multi-task and work independently
    • Strong in-person, written and verbal communication skills
    • Proficient with Cloud-based architectures
    • Subject Matter Expert (SME) knowledge of Cloud Computing and FedRAMP.
    • Knowledge of cloud computing service models (e.g. PaaS, IaaS, SaaS) as they relate to FedRAMP authorization
    • Detailed knowledge of NIST security standards and compliance measurements
    • Working experience in the application of FISMA guidelines including the NIST special publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, 800-60, 800-171 and FedRAMP
    • Strong knowledge of network and systems design principles
    • High aptitude for learning (self-study and as a part of a team)
    • Experience with Amazon Web Services, Microsoft Azure, or other IaaS models
    • At least one of the following certifications CISSP, CISA, CAP and/or Security+ certification
    • Experienced with Software Development Lifecycle (SDLC) and related terminology as it relates to
    • Information Security/Information Assurance


    • Bachelor’s degree


    • Ability to obtain Public Trust


    • Bethesda, MD


    Here at TISTA Science and Technology we value our Veterans and encourage all to apply!


    TISTA is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.



    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed