CMMC Technical Analyst

About The Position

Requirements

• Must be a U.S. Person as defined by ITAR (U.S. citizen, lawful permanent resident, or protected individual).
• Must meet eligibility requirements for access to Controlled Unclassified Information (CUI).
• Must pass all required background screenings.
• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related discipline.
• Must be a U.S. citizen and able to pass a background check.
• Minimum of 5 years of experience in Cybersecurity, Security Analysis, or a related field.
• Strong proficiency in English, with the ability to speak, read, and write at a professional level.

Nice To Haves

• Industry-recognized certifications preferred, such as CISM, CASP+, CISSP, CISA, Security+, or equivalent credentials.

Responsibilities

• Provide Level 2 technical support, including in‑depth diagnostics, root‑cause analysis, system configuration, and network troubleshooting.
• Maintain accurate hardware and software inventory.
• Maintain and update the help desk application to support activity tracking and reporting.
• Ensure all IT operations support corporate objectives and cybersecurity requirements.
• Maintain proficiency in CUI handling requirements and ensure compliance with all applicable regulations.
• Monitor changes in federal cybersecurity laws, standards, and frameworks related to CUI protection.
• Ensure organizational policies reflect current regulatory and contractual obligations.
• Demonstrate expert knowledge of NIST standards, including NIST SP 800‑171.
• Apply expert understanding of CMMC 2.0 requirements to support compliance initiatives.
• Implement and optimize programs aligned with NIST SP 800‑171, CMMC, FedRAMP, and related frameworks.
• Develop and maintain System Security Plans (SSPs), POA&Ms, and other compliance artifacts.
• Maintain evidence repositories, compliance dashboards, and control libraries.
• Analyze audit findings and continuous monitoring data to assess impacts on cybersecurity maturity.
• Lead drafting, revision, and lifecycle management of IT policies, procedures, and memos.
• Perform risk assessments, vulnerability analyses, threat modeling, and control testing.
• Demonstrate proficiency with SIEM platforms, supporting log analysis and monitoring.
• Support continuous monitoring activities to detect threats, including insider threat indicators.
• Demonstrate proficiency with Government Cloud environments (e.g., GCC High, GovCloud).
• Utilize automation and scripting to streamline compliance and operational processes.
• Assist the Systems and Network Manager with cybersecurity projects and implementations.
• Collaborate with business units to ensure systems, services, and vendors comply with safeguarding requirements.
• Translate complex technical and compliance information into clear, actionable guidance for non‑technical stakeholders.
• Train and assist IT support specialists on cybersecurity policies and compliance requirements.
• Adhere to internal IT procedures and recommend improvements as needed.
• Follow all company safety and quality standards.
• Maintain a clean, safe, and organized work environment.
• Perform other related duties as assigned.