​This is a remote Security Compliance Analyst role at Three Sisters Federal, supporting the IHS (Indian Health Service) enterprise cybersecurity and compliance operations within the federal government contracting sector. This position is vital for implementing Zero Trust architecture, conducting vulnerability management, and ensuring adherence to federal security frameworks through monitoring, evaluation, and documentation.

• ​Location: Remote.
• ​Experience: Minimum 7 years of information security or compliance experience.
• ​Education: Bachelor’s degree in Cybersecurity, Computer Science, or related field.
• ​Certification (Required): Security+ CE certification is required; CISSP or CISM is preferred.
• ​Focus: Operating CDM tools (BigFix, Symantec, Palo Alto Prisma), managing vulnerabilities, RMF documentation (SSPs, Risk Assessments), and supporting audits based on FISMA and RMF standards.

​Key Responsibilities: Operations and Compliance

​The Analyst ensures the technical compliance and operational security health of critical IT systems for IHS.

• ​CDM Tool Operation: Operate and maintain CDM security tools such as BigFix, Symantec, and Palo Alto Prisma.
• ​Vulnerability Management: Conduct vulnerability scanning, analysis, and remediation tracking.
• ​RMF & Documentation: Develop and maintain System Security Plans (SSPs), risk assessments, and monitoring reports.
• ​Compliance & Audit: Support audit responses and continuous compliance activities, ensuring adherence to federal security frameworks and the implementation of Zero Trust architecture.
• ​Security Standards: Ensure systems comply with DISA STIGs, RMF, and FISMA reporting requirements.

​Qualifications and Desired Skills

​The role mandates experience with federal IT security regulations and specific security tools.

• ​Required Certifications: Security+ CE is required; CISSP or CISM is preferred.
• ​Federal Frameworks: Experience with DISA STIGs, RMF (Risk Management Framework), and FISMA reporting.
• ​Desired Tools & Concepts:
  • ​Vulnerability Management (e.g., BigFix, SCAP).
  • ​SIEM/Monitoring (Splunk).
  • ​Cloud/Network Security (Palo Alto Prisma).
  • ​Compliance/Risk (RMF, NIST 800-53, Continuous Monitoring).
  • ​Architecture (Zero Trust).