• Responding to cyber security alerts within defined SLAs • Contributing to key initiatives to enhance the Cyber Security Operations team’s maturity and operational capabilities • Adhering to cyber security processes, procedures and other documentation while performing incident response duties • Assisting with development of documentation regarding how to perform specific incident response tasks • Analyzing security system logs, security tools, and available data sources to identify attacks against the enterprise and report on any irregularities, issues related to improper access patterns, trending, and event correlations and make suggestions for detection development and system tuning • Assisting in identifying monitoring/detection gaps and helping to drive them toward resolution • Escalating cyber security incidents to incident response analysts when appropriate • Identifying and actioning incident trends observed during triage and response activities • Assisting with the development, maintenance of, and training on technical documentation and Standard Operating Procedures (SOP) • Assisting with cyber security awareness and education initiatives, as needed • Operating in a global on-call rotation and being available to respond outside of normal business hours, if necessary

• Provide direct support for external and internal audit efforts, specifically focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001. • Execute and document procedures for continuous monitoring and evidence gathering. • Implement automated solutions, including utilizing AI, to effectively reduce manual efforts associated with repetitive evidence collection tasks. • Review, edit and update internal security policies, standards and procedures to ensure they accurately reflect current operational controls and compliance requirements. • Assist in the supply chain risk management program by tracking vendor compliance documentation, reviewing vendor security posture, and maintaining the vendor risk register. • Participate in internal security audits and support the business development team by completing security questionnaires for Requests for Proposal (RFP), ensuring accurate and compliant representation of our controls.

Role Description As Armis rapidly scales its operations, we are seeking a motivated Cybersecurity Analyst to join our Governance, Risk and Compliance team and directly support our commercial compliance efforts. This role will be an integral part of maintaining and strengthening our overall security posture. You will focus on the foundational work of security, assisting our team in gathering essential evidence, documenting control implementation across our platforms, and ensuring the smooth operation of our key security processes. You will collaborate closely with various departments and end-users across the company, primarily supporting the vital functions of the Office of the Chief Information Security Officer (OCISO) team. What you'll do: - Audit and Assessment Support: Provide direct support for external and internal audit efforts, specifically focusing on frameworks such as SOC 2 Type 2, ISO 27001, ISO 27017, ISO 27018, and ISO 42001. - Evidence Management & Monitoring: Execute and document procedures for continuous monitoring and evidence gathering. Implement automated solutions, including utilizing AI, to effectively reduce manual efforts associated with repetitive evidence collection tasks, ensuring security artifacts are accurately captured and readily available. - Policy and Documentation: Review, edit and update internal security policies, standards and procedures to ensure they accurately reflect current operational controls and compliance requirements. - Vendor and Supply Chain Risk Management (SCRM): Assist in the supply chain risk management program by tracking vendor compliance documentation, reviewing vendor security posture, and maintaining the vendor risk register. - Risk and Sales Support: Participate in internal security audits and support the business development team by completing security questionnaires for Requests for Proposal (RFP), ensuring accurate and compliant representation of our controls. Qualifications - 3-5 years of experience in a security, IT audit, GRC or related technical field. - Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field; equivalent professional experience will be considered in lieu of a degree. - Maintain industry certifications such as CompTIA Security+ and work toward advanced certifications such as (ISC)² CISSP. - Foundational understanding of diverse regulatory environments and major security frameworks and compliance standards (e.g., ISO, SOC, HIPAA, SOX, NIST, FedRAMP, GovRAMP, DoD IL 5/6 PCI DSS). - Foundational understanding of enterprise IT and OT/ICS environments, including network protocols, operating systems, cloud platforms and security technologies. - Foundational understanding of core cloud technologies, particularly security concepts and services within AWS and GCP. - Strong organizational skills, exceptional attention to detail, and the ability to manage documentation effectively. - Excellent written communication skills, with experience reviewing and editing formal technical documents and policies. Preferred Skills - Prior experience in directly supporting security audits for the frameworks noted above. - Familiarity with the FedRAMP authorization process and compliance requirements. - Detailed understanding of core security concepts, including data encryption, logical access controls, and boundary security mechanisms. - Working experience with Linux operating systems. - Experience supporting security or compliance efforts in AWS and GCP cloud environments. - Experience working with a global team where the majority of team members are remote. - Experience working with task planning tools like JIRA and Asana. - Experience managing content throughout its lifecycle in the Microsoft Office 365 and Google Workspace ecosystems. - Experience using GRC automation and evidence management platforms such as Anecdotes, Drata, or similar tools to streamline compliance processes and maintain continuous monitoring. Benefits - Pay ranges $140,000 to $180,000. - The salary range listed does not include other forms of compensation or benefits (e.g. bonuses, commissions, stocks, health insurance benefits, etc.) offered to candidates. - Comprehensive health benefits. - Discretionary time off. - Paid holidays including monthly me days. - A highly inclusive and diverse workplace. Company Description Armis, the cyber exposure management & security company, protects the entire attack surface and manages an organization’s cyber risk exposure in real time. In a rapidly evolving, perimeter-less world, Armis ensures that organizations continuously see, protect and manage all critical assets - from the ground to the cloud. Armis secures Fortune 100, 200 and 500 companies as well as national governments, state and local entities to help keep critical infrastructure, economies and society stay safe and secure 24/7. Armis is a privately held company headquartered in California.

Role Description Tangent Technologies is seeking a skilled Information Systems Security Officer (ISSO) to support a federal program. The ISSO will ensure ongoing security, compliance, and risk management of information systems. This role is critical in the development and implementation of system security documentation and procedures, which are required to obtain and maintain an Authority to Operate (ATO). In this position, the ISSO will serve as a trusted security advisor, ensuring compliance with federal standards including NIST, FISMA, FedRAMP, and the Risk Management Framework (RMF). The ISSO will also help implement effective continuous monitoring practices for assigned systems. Candidates should be proactive, detail-oriented, and possess strong communication skills for client engagement. This position is 100% REMOTE. Key Responsibilities - Security Assessment & Authorization (A&A): - Lead the preparation of ATO packages, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Security Assessment Reports (SARs), and supporting documentation. - Guide systems through the ATO lifecycle and continuous authorization processes, ensuring compliance with NIST SP 800-53, FISMA, and RMF standards. - Risk Mitigation: - Conduct Security Impact Analyses (SIA) for system changes, develop mitigation strategies for identified vulnerabilities, and collaborate with system engineers to maintain secure system baselines. - Compliance Enforcement: - Perform self-assessments, risk assessments, and annual testing of Contingency Plans and Incident Response Plans. - Continuous Monitoring: - Review audit logs, analyze vulnerability scans, and evaluate system-level reports to ensure the effectiveness of security controls. - Technical Knowledge: - Demonstrate expertise in network security, cloud environments (including containers and architectures), operating systems, and security assessment tools. Qualifications - Bachelor’s degree in IT, Cybersecurity, or a related field - Minimum of 6 years of experience in ISSO or RMF roles - Direct experience developing ATO packages (SSP, POA&M, SAR) - Strong knowledge of NIST SP 800-53, FISMA, and RMF requirements - Demonstrated ability to manage multiple systems (4-6 simultaneously) Preferred Qualifications - Experience with cloud-based systems (SaaS, IaaS, PaaS) from major providers such as AWS, Azure, or GCP - Experience using Google Suite tools - Familiarity with AI tools such as Gemini, ChatGPT etc. - Familiarity with Archer or CSAM platforms - Relevant certifications (one required): CISSP, CISM, CISA, CRISC, CGRC - Experience supporting federal civilian agencies - Active Public Trust clearance Veteran Hiring Preference Tangent Technologies is a Service-Disabled Veteran-Owned Small Business (SDVOSB). Veterans and military-affiliated individuals are strongly encouraged to apply. Security Requirement Candidates must successfully complete a federal background investigation, which includes a financial suitability screening.