Cyber Security Analyst

About the role

We are seeking a dedicated and skilled Cyber Security Analyst to join our team in support of a critical federal government mission. As a Cyber Security Analyst, you will play a pivotal role in protecting mission-critical systems, identifying vulnerabilities, and implementing robust security measures. You will work in a dynamic and fast-paced environment, ensuring compliance with federal security standards while addressing emerging threats. You will serve on a team and collaborate with Information Assurance Engineers, Information System Security Officers, security compliance auditors, and operations teams.

What you'll do

• Develop and implement security policies, procedures, and guidelines in accordance with NIST 800-53 and other federal frameworks.
• Support the Risk Management Framework (RMF) process, including categorizing systems, selecting and implementing controls, and performing continuous monitoring.
• Maintain System Security Plans (SSPs) and security control implementation documentation.
• Identify and generate artifacts for Assessment & Authorization (A&A) activities.
• Review vulnerability scans and collaborate on remediation efforts.
• Support configuration management by reviewing proposed changes for security impact and recommending alternatives to reduce risk.
• Oversee and monitor Plans of Action and Milestones (POA&Ms), ensuring weaknesses and vulnerabilities are captured with actionable remediation steps and deadlines.
• Analyze system logs, network traffic, and other data to identify potential threats or suspicious activity.
• Collaborate with IT and system administration teams to ensure secure configurations for hardware, software, and systems.
• Provide input and expertise during audits, security control assessments, and compliance reviews.
• Stay updated on the latest cyber threats, tools, and techniques and provide recommendations for proactive defenses.
• Conduct and review vulnerability assessments and penetration testing to identify and remediate security gaps.
• Monitor, analyze, and respond to security events and incidents across the organization’s networks, systems, and applications.

Qualifications

• Proficiency in tools such as Tenable Nessus, Tripwire Log Center, ArcSight, AppScan, or similar vulnerability management and SIEM solutions.
• Strong understanding of federal cybersecurity compliance frameworks, such as FISMA, RMF, or NIST 800-53.
• Knowledge of intrusion detection and prevention systems, firewalls, and other network security technologies.
• Ability to analyze and interpret security event data and logs.
• Knowledge of operational challenges in complex or isolated networks.
• Experience with CSAM, BigFix, Jira, and other workflow, project management, collaboration, and system administration/monitoring tools.
• Experience working in federal government environments, especially NOAA or similar mission-oriented, scientific, or space-based programs, is highly preferred.
• Familiarity with cloud security frameworks (AWS, Azure, or other platforms) is preferred.
• Experience with scripting or automation tools (Python, PowerShell, etc.) is preferred.

Education and Experience

• BS in Cybersecurity, Computer Science, Engineering, related disciplines or equivalent.
• 4+ years of experience in cybersecurity.
• At least one relevant security or architecture certification from ISC2, ISACA, CompTIA, or GIAC such as CISSP, GSEC, CEH, or Security+.

Must be a U.S. Citizen or Permanent Resident who has lived in the United States for at least 3 of the last 5 years and be able to pass a background investigation to obtain a security badge to access applicable government facilities and systems.