You’ve stumbled upon the rare B Corp government contractor!

At TCG, we aim to prove that businesses can be good to their employees and responsible to their community while being profitable. We’re an award-winning IT solutions provider to the Federal government seeking a Security Analyst to join our project team at a major Federal agency.

US Citizenship is required for this role. In addition, the selected applicant must submit to a government background investigation and be favorably adjudicated before their first day.

While primarily remote, this position may require occasional on-site meetings. The selected candidate must live within commuting distance of Washington, D.C.

The Security Analyst will collaborate with operational teams and the Chief Information Officer (CIO) to uphold the security posture and ensure the implementation and maintenance of security controls in compliance with security plans and regulations. This role offers the unique opportunity to develop both Information Security Officer and Systems Engineering skills, eventually transitioning into a mid-level engineering position with a focus on technical work.

RESPONSIBILITIES:

  • Prepares vital documentation such as System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs), ensuring adherence to NIST standards.
  • Implements and maintains security controls in line with NIST 800-53 Rev. 5, conducts regular security assessments, and performs vulnerability scans to identify and mitigate risks as per NIST guidelines.
  • Monitors security logs and events, identifies potential security incidents, and reports them while utilizing NIST incident handling guidelines.
  • Supports information assurance programs within the organization.
  • Proposes, coordinates, implements, and enforces information systems security policies, standards, and methodologies in alignment with regulatory requirements.
  • Tracks, reports on, and provides recommendations regarding the Plan of Action & Milestones (POA&M) to ensure compliance with security controls.
  • Conducts security impact analyses (SIA) for planned changes and/or deployments, evaluating their implications on the existing security posture.
  • Maintains Federal Information Security Modernization Act (FISMA) inventory records and ensures up-to-date status reporting.
  • Develops and implements technical control statements in collaboration with engineering teams to support system architecture designs, configurations, and security integrations.
  • Creates documentation for ongoing system management, ensuring traceability of controls back to their original requirements.

REQUIRED SKILLS & EXPERIENCE:

  • A minimum of 7 years of experience in an IT Security team, with at least 2 years working as an ISSO.
  • Familiarity with security assessment tools and techniques for validating compliance with NIST security controls.
  • Strong understanding of NIST 800-61, NIST 800-171, and experience with SIEM systems and log analysis.
  • Demonstrated capability to create customized reports and dashboards.
  • Proven ability to learn new technologies and skills quickly.
  • Excellent communication skills, both written and verbal, capable of engaging with clients at all organizational levels.
  • Independent problem-solving abilities, analytical strength, creativity, and empathy towards end customer requirements.
  • IT security implementation expertise in a Federal government context.
  • One to two years of experience working directly with monitoring tools and systems.
  • Proficiency in MS Excel, MS Word, and other MS Office applications.

PREFERRED SKILLS & EXPERIENCE:

  • Experience working with Fortinet firewalls and related products, Tenable SC/IO/Nessus or equivalent security tools.
  • Certifications such as CISSP, CISM, or equivalent.
  • Experience within government or regulated environments.
  • Knowledge of FedRAMP and its relationship to NIST publications.
  • Familiarity with Atlassian tools, particularly Jira.
  • Working knowledge of Risk Management Framework (RMF).
  • Hands-on expertise implementing and monitoring security controls as per NIST 800-53 Rev. 5.
  • Understanding of web security best practices.
  • Programming/development experience using Python or a comparable language.
  • Ability to produce detailed system documentation for ongoing management and integration.

EDUCATION:

  • Bachelor’s degree preferred, ideally in Computer Science, Information Technology, or a related field. Experience may be substituted in the absence of a degree.

TCG does not discriminate based on race, sex, color, religion, national origin, age, disability, caste, or veteran status.

Our B Corp mission is reflected in our benefits, including offerings like health care, 401K, parental leave, adoption assistance, financial planning services, student loan repayment assistance, and training budget. There’s more; see for yourself.

TCG is recognized for treating employees well. In fact, in 2025, The Washington Post named TCG as a “Top Workplace” for the eleventh straight year based on how our employees feel about the company, the benefits TCG offers, and the work/life balance that our staff achieves. In the Washington Post Top Workplace survey, our CEO was ranked best by TCG employees’ votes among all midsize companies.

Try us … we’ll make you happy.

Internal title/grade: System Administrator, E2
Salary Range: $95,000 — $120,000