IT Security Compliance Analyst (Hybrid – Herndon, VA)

38North Security
Full Time | Junior | Hybrid
McLean, Virginia, US | Posted April 17, 2026

Job Description

This position requires a minimum of three (3) days per week on site in Herndon, Virginia. Do NOT apply if you are not able to meet this requirement.

About 38North

38North Security is the world’s most experienced, technically expert cloud advisory team. Since the inception of cloud computing, we have helped organizations around the world take secure, compliant advantage of the cloud to power modern business. From tech start-ups to Fortune 500 companies, our impressive client portfolio includes government, major healthcare organizations, cloud service providers, and security vendors, with many at the forefront of innovation and disruptive technology.

Our goal is to become the preeminent cloud security engineering and compliance advisory team, in the US and internationally, trusted by the world’s most demanding cloud-centric organizations. At 38North, you will work with the most elite, experienced FedRAMP and cloud security experts in the world. You will be expected to continuously advance your technical and consulting skills while contributing to corporate initiatives that support our rapid growth.

In exchange, we offer competitive salaries (commensurate with experience), a flexible work environment, and, unlike larger companies in this space, reasonable billable hour expectations. Most importantly, you’ll be joining a team-focused organization, helmed by leaders who have worked together for decades to advance security and compliance initiatives.

About the Role

This position requires a minimum of three (3) days per week on site in Herndon, Virginia. Travel is not expected.

This role will support security assessments and security documentation efforts for products supporting both commercial and government customers. The position will function as a mid-level IT Security Analyst responsible for maintaining and developing security documentation in support of federal security frameworks and cloud authorization processes.

The analyst will interface directly with security engineering, development, operations, and build teams to gather control implementation details, document security control implementations, and maintain System Security Plans (SSPs), associated procedures, and supporting artifacts. The role will also support assessment activities, including evidence collection and coordination with internal or external assessors.

This position requires the ability to interpret technical data, document control implementations accurately, and contribute recommendations for improving processes and control effectiveness. Work will be performed under the direction of the Compliance team.

Duties and Responsibilities

  • Gather and document security control implementation details for inclusion in System Security Plans (SSPs)
  • Maintain and update SSPs, plans, procedures, and supporting documentation to ensure accuracy and alignment with implemented controls
  • Collect, validate, and organize assessment evidence in preparation for internal and external security assessments
  • Support Cloud-in-Country and other authorization processes through documentation preparation and coordination with operations teams
  • Maintain and update Plans of Action and Milestones (POA&Ms) on a monthly basis
  • Input and manage security documentation within designated documentation management tools
  • Develop and track security metrics and trends related to documentation and control implementation
  • Coordinate with security engineering, development, build, and operations teams to validate control implementation status
  • Interpret technical information and translate findings into defensible security documentation
  • Support internal assessments or collaborate with third-party assessors as required
  • Provide recommendations to improve control implementation, documentation processes, and procedural clarity
  • Communicate status, findings, and documentation updates to the Compliance team and relevant stakeholders

Qualifications

  • Minimum of 3–5 years of experience supporting federal security documentation or assessment activities in FedRAMP, CMMC, and ISO.
  • Experience supporting security assessments in government or regulated cloud environments
  • Bachelor’s degree from an accredited college or university in Business, Engineering, Information Systems, Cybersecurity, or related field
  • Experience working with cross-functional technical teams in engineering, development, or operations environments
  • Ability to work onsite in Herndon, Virginia at least three days per week
  • U.S. Citizenship required
  • Ability to obtain and maintain a Public Trust clearance

Technical Skills

Framework and Compliance Experience

  • Experience supporting documentation aligned to NIS
