Cybersecurity Analyst, IT Operations
Fors Marsh · Washington, DC · 6 days ago
RemoteRemoteInformation Technology$110k–$125k/yrFull-time
Responsibilities
- Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements
- Monitor security events and alerts across enterprise systems (e.g., SIEM, endpoint detection, network devices) and perform incident triage, investigation, and response
- Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints
- Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact
- Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements
- Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels
- Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments
- Participate in internal and external security assessments (e.g., CMMC, IRS Pub 4812, RMF, and client audits) by gathering evidence and supporting control validation
- Maintain documentation for security controls, system configurations, and procedures to ensure audit readiness
- Map technical controls and remediation efforts to applicable compliance frameworks
- Work closely with IT operations, system administrators, and leadership to address security risks and operational issues
- Communicate security risks and recommendations clearly to both technical and non-technical stakeholders
- Promote user awareness of data handling expectations, including proper treatment of FCI and CUI in daily operations
Qualifications
- Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field
- Relevant industry certifications such as Security+, CISSP, CISM, GSEC, CySA+, CEH, etc.
- Minimum of 7 years of progressively responsible experience in cybersecurity, information security, systems administration, network security, risk management, or a related IT discipline
- Experience supporting security operations, incident response, vulnerability management, compliance, or security engineering in an enterprise environment
- Experience implementing or supporting security requirements aligned with frameworks such as CMMC, NIST 800-53, NIST 800-171 and Cybersecurity Framework (CSF), ISO 27001, CIS Controls, or similar standards
- Experience with security technologies such as SIEM platforms, endpoint detection and response (EDR), vulnerability scanning tools, identity and access management solutions, firewalls, and multifactor authentication technologies
- Ability to work on occasion in the Arlington, VA area
- Must be a U.S. Citizen and consent to a full background check due to our federal contract requirements