Job Summary
F3EA is seeking a Senior Information Security Analyst to support Blue Water Instrumentation (BWI) RDT&E Tranche 1 operations at the Point Mugu Sea Range. This role is responsible for the assessment, monitoring, and compliance reporting of cybersecurity controls across R&D test environments, prototype systems, developmental networks, and data pipelines supporting maritime instrumentation, telemetry, Command-and-Control experimentation, and AI-Driven Instrumentation (AIDI) activities. The Senior Information Security Analyst will assess security posture, validate compliance, track POA&M burndown, and report findings to program leadership and Government stakeholders. This role operates under the guidance of the program's ISSM or ISSE and focuses on analysis, assessment, and documentation rather than system design or security architecture. The analyst coordinates with Government cybersecurity authorities on test environment authorizations in a contractor support capacity. Continuous monitoring and compliance activities are scaled to developmental use and tied to scheduled RDT&E event windows rather than enterprise-grade 24/7 operations. This position ensures that security compliance is continuously assessed and clearly communicated, enabling informed risk decisions without impeding innovation, prototyping, and testing.
Roles and Responsibilities
- Assess system configurations and validate compliance of R&D test environments and prototype systems with DoD cybersecurity requirements (RMF per DoDI 8510.01, NIST SP 800-53, CNSSI 1253, DoD Zero Trust Reference Architecture, and EO 14028)
- Conduct scheduled and ad-hoc vulnerability scans using ACAS/Tenable Nessus and SCAP Compliance Checker (SCC) scaled to developmental use; analyze results and produce findings reports with remediation recommendations
- Validate DISA STIG compliance across Windows, Linux, and network infrastructure in R&D test environments using STIG Viewer; document deviations and track remediation
- Support development, review, and maintenance of IATT and limited ATO authorization package artifacts within eMASS, including SSPs, POA&Ms, risk assessments, and inheritance mappings (CDRL A007)
- Develop and maintain security control inheritance mappings identifying which controls inherit from the range/enclave authorization versus system-specific implementations
- Own POA&M burndown tracking and reporting as a primary deliverable tied to PRS metrics; coordinate remediation timelines with engineering and IT teams
- Monitor systems for security events and anomalies using SIEM tools (Splunk or equivalent) during scheduled RDT&E event windows; escalate and document incidents per established IR procedures
- Conduct security control assessments per NIST SP 800-53A; document assessment results and maintain assessment evidence for R&D test environments
- Assess cybersecurity compliance of DoD Cloud SRG-aligned test environments, including IL6 and other applicable impact levels supporting AIDI/data pipelines
- Maintain comprehensive documentation of security controls, compliance status, risk posture, residual risk mitigations, and continuous monitoring activities scaled to developmental use
- Support audit readiness by preparing compliance packages, briefings, and evidence for NAVAIR, NAWCWD, and other Government stakeholders
- Review and validate security configurations proposed by engineering teams; provide risk analysis and compliance feedback
- Validate proper handling, marking, and protection of CUI, COMSEC material, ITAR/EAR-controlled technical data, and distribution-limited information per applicable policy
- Coordinate with Government cybersecurity authorities (ISSM, AO, SCA) on test environment authorizations in a contractor support capacity
- Support CAC/SAAR process compliance validation and PKI/email encryption compliance per DoD policy
- Generate recurring and ad-hoc security posture reports, metrics dashboards, POA&M burndown reports, and compliance scorecards for program and Government leadership
- Maintain current knowledge of emerging threats, vulnerabilities, and changes to DoD/DoN cybersecurity policy; advise program leadership on impacts to R&D test environments
Supervisory Responsibilities
- None - May provide mentorship and analytical guidance to junior security personnel.
Required Qualifications and Education
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent combination of education and experience)
- 10+ years of experience in cybersecurity analysis, information assurance, compliance, or information security assessment roles within DoD/DoN environments
- Strong working knowledge of DoD cybersecurity frameworks: RMF (DoDI 8510.01), NIST SP 800-53, NIST SP 800-171, CNSSI 1253, and DoD Zero Trust Reference Architecture
- Demonstrated experience supporting IATT and ATO processes and managing RMF artifacts, inheritance mappings, and POA&Ms within eMASS
- Hands-on proficiency with ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and DISA STIG Viewer
- Experience with SIEM platforms (Splunk preferred) for security event monitoring and analysis
- Familiarity with DoD Cloud Security Requirements Guide (SRG) and compliance assessment of cloud-based test environments (IL4/IL5/IL6)
- Strong understanding of security control assessment methodologies per NIST SP 800-53A
- Familiarity with POA&M management, continuous monitoring processes, and compliance reporting
- Understanding of COMSEC compliance validation requirements
- Strong analytical, written communication, and briefing/presentation skills
- Ability to work independently, prioritize competing assessment deadlines, and make risk-informed recommendations
- U.S. citizenship required
- Active DoD Secret clearance required; TS/SCI eligibility preferred; must be eligible for SAP access based on tasking
- One or more of the following, commensurate with IAM Level II/III:
  - CISSP (Certified Information Systems Security Professional)
  - CISM (Certified Information Security Manager)
  - CASP+ (CompTIA Advanced Security Practitioner)
  - Security+ CE (minimum for IAM Level II)
Preferred Qualifications and Education
- Experience supporting DoD test ranges, RDT&E programs, NAWCWD, NAVAIR, or Point Mugu Sea Range environments
- Experience assessing developmental, prototype, or field-deployable systems at TRL 4-6
- Familiarity with CMMC 2.0 Level 2 requirements and contractor compliance assessment
- Familiarity with cross-domain solution (CDS) compliance requirements
- Knowledge of TEMPEST/EMSEC compliance considerations in range environments
- Experience with OT/IT convergence security assessment in instrumentation, telemetry, or USV/autonomous platform networks
- Familiarity with DoD Cloud SRG IL6 compliance assessment
- Familiarity with IRIG-106 and T&E range data standards
- Experience with EO 14028 compliance assessment in DoD environments
- COMSEC compliance validation experience
- Familiarity with ITAR/EAR data handling compliance requirements
- Experience supporting FMS (Foreign Military Sales) program security requirements
- Additional certifications: CAP (Certified Authorization Professional), CISA, CEH, CCSP, Tenable Certified, Splunk Core Certified User
Work authorization/security clearance requirements
- Ability to obtain and maintain a Department of Defense security clearance.
Physical Demands/Work Environment
- Combination of office, laboratory, and operational environments
- Close coordination with IT, engineering, and program personnel
- May require support during test events or elevated operational periods
Affirmative Action/EEO statement
F3EA, Inc. is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, or local laws. This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. F3EA, Inc. makes hiring decisions based solely on qualifications, merit, and business needs at the time.
Other duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.