Cybersecurity Compliance Analyst

Clarity Innovations is a trusted national security partner, dedicated to safeguarding our nation’s interests and delivering innovative solutions that empower the Intelligence Community (IC) and Department of Defense (DoD) to transform data into actionable intelligence, ensuring mission success in an evolving world.

Our mission-first software and data engineering platform modernizes data operations, utilizing advanced workflows, CI/CD, and secure DevSecOps practices. We focus on challenges in Information Warfare, Cyber Operations, Operational Security, and Data Structuring, enabling end-to-end solutions that drive operational impact.

We are committed to delivering cutting-edge tools and capabilities that address the most complex national security challenges, empowering our partners to stay ahead of emerging threats and ensuring the success of their critical missions. At Clarity, we are people-focused and set on being a destination employer for top talent, offering an environment where innovation thrives, careers grow, and individuals are valued. Join us as we continue to lead innovation and tackle the most pressing challenges in national security.

Description: 

We are seeking an experienced and proactive Cybersecurity Compliance Analyst to support a high-complexity, compliance-driven hybrid infrastructure environment. This on-site position is part of a mission-focused team delivering an “IT department in a box” — providing complete coverage from architecture and automation to support, hardening, and ongoing compliance operations. This role collaborates closely with the engineering and automation teams to integrate compliance into the full system lifecycle. 

The ideal candidate will bring a strong background in security compliance and risk management within hybrid IT ecosystems that include Red Hat Linux, Windows integration, VMware virtualization, Ansible automation, and identity federation. You will play a vital role in ensuring systems not only meet compliance standards but are hardened against evolving threats in a security-first environment. 

Key Responsibilities: 

Security Compliance 

• Ensure that all IT systems, infrastructure components, and services meet relevant security compliance frameworks (e.g., NIST 800-53, CIS Benchmarks, STIGs, FISMA). 

• Ensure technical controls align with applicable frameworks and are validated through automated and manual assessments. 

• Coordinate and track compliance activities including audits, internal reviews, and technical control assessments. 

• Maintain up-to-date documentation such as System Security Plans (SSPs), POA&Ms, and evidence for audit readiness. 

Security Risk Assessment 

• Conduct regular risk assessments of systems and networks to identify security gaps and prioritize remediation efforts. 

• Work collaboratively with engineering teams to implement and validate appropriate technical and administrative controls. 

• Support continuous monitoring programs to detect configuration drift, vulnerability trends, or policy violations. 

Incident Response 

• Serve as a key responder for security incidents, including analysis, containment, eradication, and recovery activities. 

• Assist in conducting post-incident reviews and implementing corrective actions to reduce the likelihood of future events. 

• Contribute to the development and improvement of incident response playbooks and escalation workflows. 

Required Qualifications: 

• 3-5 years of experience in cybersecurity compliance, risk management, or security operations within enterprise or government environments. 

• Demonstrated experience with compliance frameworks and standards, including NIST, STIGs, CIS, and DoD Risk Management Framework (RMF) process. 

• Experience developing and maintaining System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Security Assessment Reports (SARs). 

• Familiarity with hybrid infrastructure, including OpenSCAP or Tenable/Nessus, Red Hat Linux, Windows Server, and VMware vSphere. 

• Understanding of security tooling, such as vulnerability scanners, log aggregators (e.g., Splunk), SCAP tools, and identity management systems. 

• Familiarity with the eMASS tool for tracking RMF packages. 

• Strong analytical skills with the ability to assess risk and develop actionable mitigation strategies. 

• Proficient in documenting and tracking control implementations, audit evidence, and remediation progress. 

• This position requires an active TS clearance with SCI eligibility. 

Preferred Qualifications: 

• Relevant certifications: Security+, CISSP, CAP, CISA, or GRC-related credentials. 

• Experience in highly regulated or mission-critical environments (e.g., DoD, Federal, Financial, or Healthcare). 

• Exposure to Ansible automation and patching pipelines (e.g., WSUS, Satellite) from a compliance perspective. 

• Working knowledge of identity federation, SAML, LDAP, and cross-platform access control 

Work Environment: 

• On-site role; must be available for full-time presence at the Pentagon. 

• May require occasional after-hours support or weekend work to support mission needs or system updates. 

• Role demands initiative, ownership, and the ability to operate independently while collaborating across functional areas. 

Competitive salary 

Health, dental, and vision insurance 

Flexible work hours 

Professional development opportunities 

Collaborative and innovative work environment 

If you are passionate about creating exceptional user outcomes and thrive in a collaborative team setting, we invite you to apply and be a key contributor to our product development efforts.