CORA/CHAP Compliance Analyst

We are seeking a highly skilled and innovative CORA/CHAP Compliance Analyst to join our team in the greater DMV area, supporting the Army National Guard.

Responsibilities

Lead CORA and CHAP compliance assessments: evaluate security architectures, control implementations, and operational procedures against RMF, DoD, and Army requirements.
• Analyze technical artifacts, configuration baselines, risk documentation, and evidence to identify systemic compliance gaps and residual risk.
• Produce formal assessment reports, executive summaries, findings, and prioritized remediation guidance for system owners and leadership.
• Advise on corrective action prioritization, risk disposition strategies, audit readiness, and POA&M development/tracking.
• Support continuous monitoring through trend analysis, compliance metrics, and dashboard reporting to inform enterprise readiness.
• Coordinate with ISSOs/ISSMs, system owners, engineering, and program teams to validate remediation, close findings, and verify evidence.
• Maintain assessment artifacts, audit trails, and decision records to support inspections and accreditation activities.
• Mentor assessment staff and contribute to improvement of assessment methodologies, templates, and compliance workflows.

#ENOCS

Qualifications

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD

• Clearance: Active TS/SCI clearance.

• Candidate must meet ONE of the following:

  • Bachelor's degree in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR
  • Relevant DoD/military training (examples: F07DZZ1; M03385G; M10395B; M223854; A-531-0021; W-250-0750; A-150-1980; A-102-8484; A-150-1250; A-150-1940A; A-150-1941; A-150-1903; A-102-3131; A-150-1855; A-150-1940; A-113-0205; A-113-0175; A-113-0018; A-113-0382; A-113-0027; A-113-0383; A-113-0175; A-113-0202; A-113-0233; DISA (451) Training (Linux/Windows); System Administrator (Intermediate) Playlist; OR
  • Relevant professional certification or equivalent experience (examples: Cloud+, GICSP, GSEC, Security+, SSCP).

• Required experience and skills:

  • Cybersecurity compliance, assessment, or audit experience with at least 3 years performing enterpriselevel assessments in DoD or large enterprise environments.
  • Deep familiarity with RMF, NIST SP 80053, DISA STIGs/SRGs, CORA/CHAP methodologies, and evidence validation practices.
  • Proven ability to produce decisiongrade assessment reports, scorecards, executive briefings, and remediation plans.
  • Strong analytical skills to correlate technical findings to operational risk and prioritize remediation.
  • Experience with vulnerability tools, configuration baselines, eMASS/RMF workflows, and POA&M management.
  • Excellent written and verbal communication for briefing senior leaders and coordinating crossfunctional remediation.

• Desired:

  • Prior ARNG/State/Territory assessment or CORA/CHAP experience.
  • Experience advising leadership on enterprise compliance programs, sustained remediation strategies, and metricsdriven improvement.
  • Familiarity with automation for evidence collection, compliance dashboards, and assessment toolchains.

#ENOCS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.