INFORMATION ASSURANCE ANALYST SKILLS, EXPERIENCES, AND JOB REQUIREMENTS

Published: Aug 25, 2025 - The Information Assurance Analyst applies technical expertise in network security, endpoint protection, and access management to support secure IT operations across cloud and on-premise environments. This role requires experience with the Risk Management Framework, DISA STIGs, FedRAMP processes, and a strong understanding of NIST, ISO 27000-series. The analyst also contributes to system engineering, leads cybersecurity assessments, and ensures compliance through audits and control implementations across AWS, Azure, and GCP platforms.

Essential Hard and Soft Skills for an Information Assurance Analyst Resume
  • Risk Assessment
  • Incident Response
  • RMF Implementation
  • Vulnerability Scanning
  • Security Compliance
  • Policy Development
  • ATO Support
  • Security Design
  • Tool Management
  • System Testing
  • Stakeholder Communication
  • Team Collaboration
  • Technical Judgement
  • Security Training
  • Problem Solving
  • Issue Resolution
  • Client Communication
  • Executive Communication
  • Meeting Facilitation
  • Staff Mentoring

Summary of Information Assurance Analyst Knowledge and Qualifications on Resume

1. BA in Intelligence Studies with 9 years of Experience

  • Experience in Information Assurance
  • Working knowledge of cybersecurity principles
  • Ability to obtain and maintain the Certification and Accreditation of network systems according to NASIC, USAF, IC and DOD requirements and directives
  • Must have a DoD 8570 IAM level II or above security certification (examples: CAP, CASP CE, CISM, GSLC, CISSP Associate, or CISSP)
  • Must have a current DoD Secret clearance completed 
  • Knowledge of ACAS, NESSUS, SPLUNK, SCAP, POA&Ms, NIST, EMASS, NISPOM, system auditing and vulnerability scanning
  • Able to perform systems security programming to facilitate the detection and tracking of unauthorized attempts to access network resources
  • Able to review weekly and evaluate the security posture of computer system configurations, identify deficiencies, and identify actions to correct the deficiencies
  • Able to install and operate approved security tools and install security-related applications, operating system patches, and/or updates
  • Experience installing, operating and maintaining network security tools and applications
  • Experience with DIACAP and RMF certification and accreditation requirements

2. BS in Information Assurance with 6 years of Experience

  • Must have industry security certifications (e.g., SSCP, ISO27001 Auditor)
  • Knowledge of systems and security verification, validation, testing and evaluation approaches
  • Understanding of information security Risk Assessments, Risk Treatment Plans and Risk Management and Accreditation Documents by ISO27001Pragmatic approach to the recommendation of security controls
  • Ability to plan, prioritise and run workload under general supervision, with general instructions for special assignments
  • Must have an active, or be eligible to obtain, Security Clearance (SC)
  • Knowledge and understanding of MOD and Government information security policy, standards and guidance
  • Experience of working within a multinational matrix management environment/ structure and a large-scale, sophisticated international organization, but also within small teams
  • Experience of working with and accrediting MOD Applications for deployment onto the Defence Network
  • Knowledge of various MOD publications such as JSP440, JSP604, etc. and tools such as DART
  • Experience of participating in developing security solutions in response to customer requirements
  • Understanding of data protection controls and practices, and awareness of wider regulations such as ITAR

3. BS in Computer Engineering with 8 years of Experience

  • Must possess or be able to obtain DoD 8570 Certification for IAT Level II or higher within two (2) months of starting
  • Must have DoD 8570 Certification for IAT Level III
  • Experience working with military service-level Security Accreditation Authorities (SCA) and Designated Approval Authorities
  • Working experience in Vulnerability assessment 
  • Experience with Assured Compliance Assessment Solution (ACAS), Host-Based Security System (HBSS), Splunk, and other enterprise security defense and forensic tools
  • Working knowledge of network security controls such as routers, switches, firewalls, network access controls, and related solutions
  • Working knowledge of Linux and Windows operating systems and applications
  • Experience in the following disciplines: Authentication and Authorization, Microsoft Domain Controller, Red Hat IdM, Keycloak, Multi-Factor Authentication
  • Deep knowledge of deploying secure applications using Kubernetes or other similar tooling
  • Must have excellent communication and interpersonal skills
  • Ability to interface with all levels of employees and management
  • Understanding of SCRUM and AGILE methodology
  • Experience Cross Domain Guards

4. BA in Sociology with 9 years of Experience

  • Experience with Navy Cyber Security and/or Security Operations 
  • Prior BCA or Navy Enterprise-level knowledge
  • Strong report writing skills and general communication skills
  • Strong critical thinking, analysis, and investigative skills
  • Experience with network protocol analysis using tools such as Wireshark
  • Experience with log parsing and analysis
  • Experience with Linux 
  • Experience with researching threats and identifying credible sources
  • Experience with proactive Threat Hunting using SIEM solutions with ingested datasets from multiple locations
  • Knowledge of dataset correlation, understanding network architecture, and data at rest and in transit
  • Demonstrable knowledge in various Windows and Linux OS and TCP/IP protocols
  • Working knowledge of IDS/IPS systems, network forensics analysis, and SIEM
  • Specific experience in one or more areas with Security Onion, Splunk, Snort/Suricata, and BRO/ZEEK integration
  • Working knowledge of cybersecurity threats
  • Ability to apply this knowledge to the environment

5. BA in Emergency Management with 8 years of Experience

  • Must have Forensics or incident response certification (GCIH, GCIA, GCFA, CHFI, CEH, Magnet, Encase, FTK, Belkasoft, FLETC, DC3, etc.)
  • Experience in cloud security and administration
  • Experience leading digital forensic investigations
  • Experience as an incident manager
  • Experience threat hunting in an enterprise environment
  • Experience with malware analysis to derive IOCs
  • Experience with scripting languages
  • Experience in enterprise networking
  • Experience with EDR and/or MDR tools
  • Familiarity with certification and accreditation processes such as RMF and DIACAP
  • Operational experience, with familiarity in security/event log auditing
  • Familiarity with security plan development and/or continuous monitoring for compliance with security plans
  • Ability to certify and maintain information security-related certifications (Security+, CASP, GSEC, CISM, CAP, CISSP)

6. BS in Information Security with 7 years of Experience

  • Experiencing reviewing the IT Security Policy and providing recommendations for implementation
  • Working experience in supporting the Security Authorization and Accreditation process for federal IT Systems
  • Working experience in supporting the documentation and resolution of IT Security Plans of Action and Milestones (POAMs)
  • Experience implementing and maintaining all aspects of the federal Risk Management Framework (RMF)
  • Experience interacting/communicating with multiple levels of project stakeholders
  • Strong verbal and written communication skills
  • Working experience in the cybersecurity/information assurance field
  • Must have an ISACA Certified Information Security Manager (CISM)
  • Must have an ISACA Certified Information Systems Auditor (CISA)
  • Must have (ISC)2 Certified Cloud Security Professional (CCSP)
  • Must have (ISC)2 Certified Information Systems Security Professional (CISSP)Experience with managing projects within Federal Government organizations

7. BS in Telecommunications with 6 years of Experience

  • Must be willing to work onsite daily within a SIPR room
  • Experience with DoD RMF, DIACAP or NIST Risk Management Framework (RMF)
  • Experience with information assurance including ACAS reporting and IAVM Compliance
  • Experience in cybersecurity/information assurance activities
  • Experience working with classified materials
  • Experience in accomplishing risk management objectives using the NIST Risk Management Framework
  • Experience in evaluating the security posture of IT systems by national, Department of Justice, and DEA security policies (e.g., NIST and Committee on National Security Systems CNSS)
  • Experience in providing risk-based recommendations for information systems operation
  • Must have Certified Information System Security Professional (CISSP) Certification
  • Experience with DSS RMF process, DISA ACAS, and DoD IA compliance standards
  • Knowledge of Navy IT/IA policies and procedures 

8. BA in Risk Management with 8 years of Experience

  • Experience with FedRAMP and NIST compliance
  • Experience with cloud security for AWS and Azure environments
  • Experience with network architecture concepts, common ports and protocols, and network monitoring tools
  • Experience with writing clear and concise technical documents, specifically policies, processes, and procedural documentation
  • Experience with Nessus and Trend Micro solutions
  • Organizational skills and the ability to work autonomously with attention to detail and processes
  • Excellent communication skills with experience providing incident briefings to peers, management and clients
  • Excellent written skills with experience creating formal incident reports
  • Must have an Industry-recognized professional certification such as CISSP, Security+
  • Experience with NIST 800-53
  • Direct experience with certification and accreditation techniques and methodologies

9. BS in Information Technology with 7 years of Experience

  • Must have Operating System Certifications such as SNORT IDPS/IPS Training Certificate, based on current market offerings (SNORT and/or Sourcefire experience)
  • Must meet at least one baseline certification under the CSSP-Analyst position category per DoD 8570.01-M regulations upon hire
  • Must meet the following Computing Environment (CE) certifications
  • Experience with Network intrusion detection system (NIDS) software such as SNORT 
  • Experience with Army Cyber Security (CS) guidance and regulations
  • Must have GSEC, Security+, SSCP or CCNA-security Certification (IAT-II)
  • Must have CAP, GSLC, or Security + (IAM-I)
  • Understanding of Host-based Security Solutions
  • Understands the issues, technology, emerging trends, and available tools and techniques and is responsible for providing technical advice to the Government lead
  • Working knowledge of Security Technical Implementation Guides (STIGs) and applicable NIST
  • Possesses a basic understanding of configuration management (CM) processes

10. BS in Data Analytics with 12 years of Experience

  • Information Technology experience focused on IT security and Information Assurance for federal government or DoD systems
  • Heavy hands-on experience with complex troubleshooting
  • Hands-on knowledge of DoD information security requirements
  • Experience configuring Windows client (Windows 10 and 11) and Windows Server (2012R2 through 2019) operating systems, Microsoft SQL Server, and Cisco IOS devices
  • Experience building and administering VMware vSphere environments 
  • Experience applying DISA STIGs to Windows, VMWare, and network devices and performing compliance scans / manual assessments
  • Experience with WSUS and/or SCCM
  • Experience performing Nessus / ACAS scans and remediating against identified vulnerabilities
  • Strong oral, written, and presentation skills with experience communicating directly with Customers
  • Demonstrated background working with multidisciplinary teams
  • Demonstrated time management and organization skills to meet deadlines and quality objectives
  • Proficiency in MS Office Suites, including Visio, Putty, Wireshark or other protocol analyzers, Tenable Nessus / ACAS
  • Ability to master similar productivity tools
  • Must have DoDI 8570.01-m IAM Level II or Higher Baseline Certification, such as CISSP, CompTIA Security+, etc.
  • Able to listen to and understand information and ideas presented through spoken words and sentences
  • Able to communicate information and ideas in speaking so others will understand
  • Able to read and understand information and ideas presented in writing
  • Able to apply general rules to specific problems to produce answers that make sense
  • Able to identify and understand the speech of another person

11. BA in International Relations with 7 years of Experience

  • Experience in the IT security field
  • Knowledge of information security and computer network access technologies
  • Knowledge of data protection and integrity, operating systems and network security, authentication, and security protocols
  • Strong interpersonal and communication skills to work effectively with IT and business units
  • Experience with vendor risk management including GRC processes and tools
  • Experience working with security programs including risk assessments and forensic research, designing security architectures, and developing policies
  • Demonstrable experience performing security assessments in line with comprehensive control frameworks in partnership with external stakeholders such as Legal, Product, and Engineering
  • Demonstrable experience in successfully working with and positively influencing engineering teams, while understanding their daily challenges and demands
  • Working understanding of regulatory regimes 
  • Demonstrable experience leveraging and implementing common control mappings (e.g., GDPR, CCPA, FedRAMP/NIST 800-53, HIPAA, ISO 27001, PCI DSS, HITRUST)
  • Working knowledge of multiple compliance and regulatory regimes (e.g., FedRAMP/NIST 800-53, GDPR, HIPAA, HITRUST, ISO 27001, PCI-DSS)
  • Familiar with other cloud-based productivity tools (e.g., JIRA, Confluence, GDocs)

12. BA in Emergency Management with 9 years of Experience

  • Experience with any of the following: network security, endpoint protection, log aggregators, or privilege access management vaulting
  • Experience in information technology or information security functions
  • Must have Certifications such as Security+, Network+, CCNA, or CISA 
  • Must be able to obtain and/or maintain Secret Clearance
  • Experience in systems/security engineering
  • Experience with the Risk Management Framework (RMF) or FedRAMP ATO process, to include a working knowledge of the various steps/stages within the process
  • Knowledgeable of relevant NIST Special Publications guidance as it pertains to the RMF
  • Experience leading RMF Cybersecurity/IA Activities
  • Strong knowledge and experience with DISA Security Technical Implementation Guides (STIG)
  • Experience with security and privacy controls
  • Good knowledge of Information Security frameworks and standards such as ISO/IEC 27000-series, SSAE16, SOC1/2, Cloud Security Alliance Cloud Controls Matrix (CCM), and rules/regulations related to privacy and data confidentiality (e.g., GDPR, CCPA)
  • Good knowledge of AWS, Azure, GCP CSP platforms and their security controls
  • Good knowledge of SaaS application delivery models
  • Experience and/or knowledge of security and privacy assessments/audits