Cybersecurity Analyst, IT Operations

About the Role

The Cybersecurity Analyst will be working in a fast-paced environment where attention to detail, analytical skills, and the ability to communicate complex security concepts are essential. The ideal candidate will have experience working in regulated environments and be well-versed in federal compliance frameworks such as NIST SP 800-171 and CMMC.

Fors Marsh is a company that values innovation, collaboration, and employee growth. As a certified B Corporation and a Top Workplace for 7 consecutive years, the company offers a dynamic and supportive work environment that encourages employees to thrive.

What You Will Do

• Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements
• Monitor security events and alerts across enterprise systems and perform incident triage, investigation, and response
• Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints
• Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact
• Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements
• Support and enforce organizational data classification policies, including identification, labeling, and handling of FCI, CUI, and other sensitive data types
• Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels
• Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments
• Assist in monitoring and validating that CUI is restricted to authorized systems and not stored on end-user devices outside approved environments
• Participate in internal and external security assessments by gathering evidence and supporting control validation
• Maintain documentation for security controls, system configurations, and procedures to ensure audit readiness

What We Are Looking For

• Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field
• Relevant industry certifications such as Security+, CISSP, CISM, GSEC, CySA+, CEH
• Minimum of 7 years of progressively responsible experience in cybersecurity, information security, systems administration, or a related field
• Experience working in regulated environments and with federal compliance frameworks such as NIST SP 800-171 and CMMC
• Strong understanding of Windows-based environments, including Active Directory, servers, and endpoints
• Experience with vulnerability scanning and remediation tracking
• Excellent analytical and problem-solving skills
• Ability to communicate complex security concepts to both technical and non-technical stakeholders

Nice to Have

• Experience working with Linux systems
• Knowledge of cloud security platforms such as AWS or Azure
• Familiarity with security information and event management (SIEM) systems
• Experience with incident response and threat hunting

Benefits and Perks

• Competitive salary and benefits package
• Opportunity to work with a certified B Corporation and a Top Workplace for 7 consecutive years
• Collaborative and dynamic work environment
• Professional development and growth opportunities
• Flexible work arrangements, including remote work options
• Access to cutting-edge technology and tools
• Comprehensive health and wellness benefits
• Generous paid time off and holiday schedule

• tip: Highlight your experience working with federal compliance frameworks such as NIST SP 800-171 and CMMC, and be prepared to provide specific examples of how you have implemented security controls in previous roles.
• tip: Showcase your analytical and problem-solving skills by providing examples of how you have identified and remediated security vulnerabilities in the past.
• tip: Emphasize your ability to communicate complex security concepts to both technical and non-technical stakeholders, and be prepared to provide examples of how you have presented security information to different audiences.
• tip: Be prepared to discuss your experience working in regulated environments and with sensitive data, and highlight your attention to detail and ability to follow established protocols.
• tip: Research the company culture and values, and be prepared to discuss how your own values and work style align with those of the company.
• tip: Don't be afraid to ask questions during the interview process, and be prepared to discuss your salary expectations and any other benefits or perks that are important to you.