Senior Cyber Security Analyst
Job Description:
PiTech Solutions Inc. is pleased to respond to a requirement for an independent, comprehensive assessment of the Office of Information Technology (OIT). OIT is a team of approximately ten professionals that supports an entire federal agency's technology infrastructure, cybersecurity posture, cloud services, and daily help desk operations, which average 500 tickets per month.
We will deliver six months of structured, evidence-based assessment work culminating in actionable findings across eight domains — organizational, governance, operational, infrastructure, cybersecurity, contracts and licensing, modernization, and data/AI readiness. Every recommendation is weighted against FMC's priorities: cybersecurity and compliance first, followed by governance accountability, operational performance, technology lifecycle, and cost efficiency.
Job Description: Cybersecurity Analyst (Federal Assessments, Top Secret Clearance)
Position Summary
PiTech Solutions Inc. is seeking a Cybersecurity Analyst to support independent, evidence-based cybersecurity assessments for U.S. federal agencies. This role plans and executes security control assessments, technical testing, and compliance evaluations aligned to federal requirements (e.g., FISMA, NIST, and agency-specific policies). The analyst documents objective evidence, identifies risk and root cause, and produces clear, actionable recommendations for executives and technical teams. This position requires an active Top Secret (TS) clearance (with eligibility to maintain access as required).
Key Responsibilities
- Assessment planning and scoping: Participate in discovery with agency stakeholders to confirm system boundaries, environments (on-prem/cloud/hybrid), interconnections, data types, and mission priorities; define assessment objectives, methodology, schedule, sampling strategy, and evidence request lists.
- Security control assessment (SCA): Evaluate management, operational, and technical controls against applicable baselines and overlays (e.g., NIST SP 800-53); map implementation statements to objective evidence and document assessment results, rationale, and traceability.
- Risk Management Framework (RMF) support: Assist with RMF activities across the system lifecycle (categorization, selection, implementation validation, assessment, authorization support, and continuous monitoring); review and validate SSPs, SAP/SAR artifacts, POA&Ms, and continuous monitoring strategies.
- Technical validation and testing: Perform hands-on security testing where authorized, including configuration reviews, vulnerability validation, log review, and control verification across endpoints, servers, network devices, IAM services, cloud resources, and security tooling.
- Vulnerability and configuration assessment: Execute and analyze results from automated scans (credentialed when possible), benchmark configurations (e.g., CIS/STIG guidance as applicable), and identify false positives/negatives; develop prioritized remediation recommendations.
- Cloud security assessment: Assess cloud service configurations and controls (e.g., identity, network segmentation, encryption, logging/monitoring, key management, and shared responsibility considerations) across major CSP platforms and FedRAMP-aligned control expectations.
- Incident readiness and operational security: Evaluate detection and response capabilities (SOC processes, playbooks, alerting, escalation, forensics readiness, and tabletop exercises); assess logging coverage and retention to support investigations and compliance.
- Policy, governance, and program reviews: Assess cybersecurity program documentation, governance, and oversight processes (e.g., risk acceptance, exception handling, asset management, vulnerability management, secure configuration, change control, and third-party risk).
- Evidence management: Collect, organize, and protect sensitive assessment materials; maintain a defensible evidence trail, including interview notes, screenshots, configuration exports, scan outputs, and log samples in accordance with handling requirements.
- Reporting and briefings: Draft assessment deliverables (findings, risk ratings, root cause, impacts, and recommendations) and present results to technical teams and executive leadership; tailor communications for both technical depth and leadership decision-making.
- Remediation support and verification: Collaborate with system owners and engineers to validate remediation plans, track POA&Ms, and confirm corrective actions through re-testing and evidence review.
- Stakeholder coordination: Work effectively with federal personnel, contractors, and third parties; facilitate interviews and working sessions; provide clear status updates and escalate blockers in a timely manner.
- Quality and compliance: Follow internal assessment standards, templates, and QA processes to ensure consistency, accuracy, and alignment with contract requirements and federal audit expectations.
Required Qualifications
- Active Top Secret (TS) clearance (and ability to meet ongoing access eligibility requirements).
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field, or equivalent relevant experience.
- Demonstrated experience conducting cybersecurity assessments, audits, or security control assessments in federal or regulated environments, including 7+ years of related cybersecurity experience (or 5+ years with a Master's degree).
- Working knowledge of federal cybersecurity requirements and assessment approaches (e.g., FISMA; NIST SP 800-53 control assessments; RMF concepts and artifacts such as SSP, SAP/SAR, and POA&M).
- Hands-on technical capability to review configurations and validate controls across common enterprise technologies (Windows/Linux, Active Directory/Azure AD or equivalent IAM, network fundamentals, endpoint security, vulnerability management, and logging/monitoring).
- Strong written communication skills, including ability to produce clear findings, objective evidence narratives, and executive-ready summaries.
- Strong verbal communication and interviewing skills; comfortable working with stakeholders from engineers to senior leaders.
- Ability to lead assessment workstreams with minimal oversight, including mentoring junior assessors, coordinating evidence requests, and driving deliverable quality.
- Ability to manage multiple tasks, meet deadlines, and work independently with minimal supervision.
Desired Qualifications
- Industry certifications such as Security+, CySA+, SSCP, CISSP, CISM, CISA, CCSP, or equivalent.
- Experience supporting ATO packages and authorization activities, including coordination with Authorizing Officials (AOs) and SCA teams.
- Familiarity with FedRAMP requirements and control expectations for cloud services.
- Experience with DISA STIGs and security technical implementation guidance; familiarity with benchmark tooling and configuration baselines.
- Experience with vulnerability scanning and security tools (e.g., Tenable/Nessus, Qualys, Rapid7; endpoint security; SIEM platforms such as Splunk, Sentinel, or Elastic).
- Basic scripting/automation experience (e.g., PowerShell, Python) for evidence collection, analysis, or reporting efficiency.
- Experience supporting Zero Trust initiatives (e.g., identity-centric security, MFA/conditional access, segmentation, device compliance, and continuous verification) aligned to federal guidance.
- Experience performing tabletop exercises, incident response assessments, or log management maturity reviews.
Tools & Technologies (Representative)
- GRC and assessment artifacts: SSP/SAP/SAR/POA&M documentation, evidence trackers, control matrices, and risk registers
- Vulnerability and configuration assessment: credentialed scanning, secure configuration benchmarks, patch/vulnerability remediation workflows
- Identity and access management: RBAC, MFA, privileged access management concepts, account lifecycle processes
- Logging and monitoring: SIEM queries, log source onboarding validation, alert triage concepts, retention/immutability considerations
- Cloud platforms: configuration review concepts for major CSP services (networking, IAM, encryption, logging, resource governance)
- Collaboration and documentation: Microsoft 365, Word/Excel/PowerPoint, SharePoint/Teams, ticketing systems, and secure file handling
Security Requirements
This position requires an active Top Secret (TS) clearance and strict adherence to all applicable security requirements, including need-to-know access, approved information system use, and proper handling of sensitive and classified information. Candidate must be able to maintain clearance eligibility and comply with agency and contract-specific security policies.
Work Environment
Work may be performed on-site at federal facilities and/or in secure environments as required by the agency. Occasional travel may be required for on-site interviews, evidence collection, and briefings. The role may involve working with time-sensitive deliverables during assessment fieldwork and reporting cycles.
Work shall be performed primarily onsite at FMC Headquarters, 800 North Capitol Street, NW, Washington, DC 20573. FMC recognizes that select analytical activities (e.g., drafting, synthesis, and report development) may be performed offsite when coordinated with the COR; however, quoters shall assume the engagement requires substantial onsite presence to support interviews, workflow observation, and stakeholder engagement.
Period of Performance: April 24, 2026 – October 23, 2026
Equal Employment Opportunity
PiTech Solutions Inc. is an equal opportunity employer. Employment decisions are based on qualifications, merit, and business needs.