Security Compliance Analyst

This role is for a dedicated professional to support cybersecurity and compliance activities for Department of Defense (DoD) systems at
Hanscom Air Force Base (AFB)
.

Core Responsibilities

• Vulnerability Management:
  Conduct
  vulnerability scans
  on Windows-based servers and infrastructure using DoD-approved tools (e.g.,
  ACAS
  ). Track, analyze, and report vulnerability scores in alignment with DoD cybersecurity frameworks.
• Remediation & STIG Compliance:
  Remediate vulnerabilities and assist in securing and patching systems to meet applicable
  Security Technical Implementation Guide (STIG) compliance
  across:
• Windows Server environments
• Microsoft SQL Server
• .NET frameworks
• Internet Information Services (IIS)
• Accessibility Compliance:
  Perform
  Section 508 compliance scanning
  and assist in the mitigation of accessibility issues across web-based platforms and documentation.
• Workflow Automation:
  Maintain and
  automate security documentation workflows
  using
  SharePoint
  and
  Microsoft Power Platform
  tools (Power Automate, Power Apps).
• Collaboration:
  Collaborate with cybersecurity, infrastructure, and development teams to ensure compliance and timely mitigation of risks.
• Documentation:
  Assist with the development and tracking of
  Plans of Action & Milestones (POA&M)
  .

Required Skills & Experience

• DoD Cybersecurity:
  Solid understanding of
  DoD cybersecurity policies
  , including STIGs and DISA compliance tools.
• Scanning Platforms:
  Experience with vulnerability scanning platforms such as
  ACAS
  .
• Microsoft Stack:
  Hands-on experience with:
• SharePoint
  for documentation and collaboration.
• Power Automate
  for workflow automation (e.g., POA&M tracking, scan result routing).
• Power BI
  for visualizing vulnerability trends and compliance metrics.
• Power Apps
  for building custom compliance tools or dashboards.
• Technical Skills:
  Introductory-level familiarity with
  SQL scripting
  for basic data queries and reporting. Ability to interpret scan results, prioritize findings, and implement corrective actions.
• 508 Compliance:
  Familiarity with
  Section 508 accessibility standards
  and the tools used for compliance scanning and remediation.

Qualifications & Clearance

• Clearance:
  Active Secret clearance is required
• Certification:
  CompTIA Security+ is required
  .
• Education:
  Bachelor's degree in Computer Science, Information Security, or a related field;
  or
  3-6 years of equivalent experience in a related field.
• Soft Skills:
  Strong analytical, problem-solving, communication, and documentation skills. Must be detail-oriented and able to work effectively independently and in cross-functional teams.