Cybersecurity Analyst

About The Position

Requirements

• Bachelor’s degree in cybersecurity, computer science, information assurance, or a related field
• At least 5 years of experience in cybersecurity related to GRC
• Foundational knowledge of NIST SP 800-171 and CMMC
• Experience with CUI (Controlled Unclassified Information) marking and handling requirements
• DoD 8570/8140 IAT Level II certification (e.g., Security+ CE, CySA+, or GSEC)
• CMMC Certified Professional certification, or willingness to obtain within six months of hire
• Experience assisting with the maintenance of compliance documentation, such as SSPs and POA&Ms
• Familiarity with vulnerability management tools and general technical security data
• Must be a U.S. citizen with the ability to obtain and maintain a U.S. Government security clearance

Nice To Haves

• Experience supporting preparations for a DIBCAC or C3PAO assessment
• CMMC Certified Assessor (CCA) certification
• Technical knowledge of system hardening techniques (STIGs) as applied to corporate environments
• Familiarity with Microsoft Azure or other cloud environments

Responsibilities

• Assists the GRC team in ensuring corporate information systems meet NIST SP 800-171 and CMMC standards
• Contributes to the maintenance and regular updates of the corporate System Security Plan (SSP) and Plan of Action and Milestones (POA&M)
• Participates in internal audits and control testing to verify the effectiveness of implemented security measures
• Collects and organizes evidence and artifacts required for CMMC third-party assessments and government compliance reviews
• Supports risk assessment activities by identifying potential threats to corporate systems handling CU
• Monitors vulnerability scanning tools and assists IT operations in tracking the status of remediation task
• Reviews security logs and alerts to identify potential compliance gaps or unauthorized activity within the corporate network
• Assists in drafting and updating corporate security policies and procedures to reflect current regulatory standard
• Maintains security documentation libraries, ensuring all records remain accurate and assessment read
• Supports the creation and distribution of security awareness materials related to the protection of CUI
• Coordinates with IT departments to help integrate security controls into corporate project
• Serves as a point of contact for staff regarding basic compliance inquiries and the secure handling of sensitive data

Benefits

• SDL offers competitive salaries and a comprehensive benefits package.
• Visit our Benefits Page to learn more about what we offer.