Senior Information Security Analyst

• Support the development and operationalization of the client’s cybersecurity and IT risk management program.
• Develop and maintain information security policies, standards, and procedures aligned with federal and industry frameworks.
• Build and maintain an enterprise IT risk register, risk taxonomy, and control inventory.
• Conduct risk assessments across applications, infrastructure, and enterprise systems.
• Perform SOC testing and assist with SOC audits and compliance reviews.
• Monitor cybersecurity events and support incident response and remediation activities.
• Support the implementation and maintenance of security tools including SIEM, IDS/IPS, DLP, and endpoint protection solutions.
• Assist with POA&M development and remediation tracking for identified security gaps.
• Provide security awareness training and guidance to employees and stakeholders.
• Serve as a cybersecurity risk advisory resource across departments.

• Develop and maintain information security policies, procedures, and standards.
• Establish and maintain IT risk management documentation including risk registers and control inventories.
• Conduct vulnerability scans and targeted risk assessments.
• Monitor and analyze security alerts and incidents across enterprise systems.
• Support incident response activities, including investigation, containment, and remediation.
• Participate in audits, compliance assessments, and documentation development.
• Assist in implementing cybersecurity frameworks and best practices aligned with NIST guidance.
• Collaborate with IT teams and business units to identify and mitigate cybersecurity risks.

• Knowledge of cybersecurity frameworks such as NIST Cybersecurity Framework (CSF), NIST RMF, ISO 27001, and CIS Controls.
• Experience with IT risk management, risk assessments, and control frameworks.
• Familiarity with SOC testing, compliance assessments, and audit processes.
• Hands-on experience with security tools such as SIEM platforms, IDS/IPS, DLP, endpoint protection, and vulnerability management tools.
• Understanding of incident response procedures and vulnerability management practices.
• Familiarity with cloud security environments (AWS, Azure, or GovCloud) preferred.
• Strong analytical, documentation, and communication skills.
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field (or equivalent professional experience).
• Relevant certifications such as CISSP, CISM, CISA, CRISC, or Security+ are preferred.

• Minimum 8–10 years of progressive experience in information security, cybersecurity operations, or IT risk management.
• Experience implementing or supporting NIST-aligned cybersecurity programs.
• Experience conducting risk assessments and vulnerability management activities.
• Experience supporting security audits, SOC testing, and compliance initiatives.
• Ability to collaborate with cross-functional teams and communicate security risks effectively.
• Ability to work on-site with client teams in a government environment.
• Background screening may be required.

Posted: 2026-03-06