Job Closed
This listing is no longer active.
The Operating Core for Legal
Senior Security Compliance Analyst
Location
United States
Posted
124 days ago
Salary
$132K - $160K / year
Seniority
Senior
Job Description
Filevine
- Ensure platform, applications, and infrastructure compliance and security
- Assist with security efforts and audits for compliance requirements
- Work with various teams to implement best practices
- Assess and manage risks on identified vulnerabilities
- Provide compliance assessments and audits for business units
- Lead and facilitate penetration testing and auditing efforts
Job Requirements
- 1+ years of experience in security compliance or related field
- Knowledge of HIPAA, SOC 2 Type I & II, GDPR, CCPA/CPRA, CJIS and other compliance requirements
- Experience with audits and risk management
- Strong analytical and problem-solving skills
- Familiarity with IT and IS best practices
- Excellent communication and teamwork abilities
Benefits
- Medical, Dental, & Vision Insurance (for full-time employees)
- Competitive & Fair Pay
- Maternity & paternity leave (for full-time employees)
- Short & long-term disability
- Opportunity to learn from a dedicated leadership team
- Top-of-the-line company swag
More Security Analyst Jobs
- Work with Team to develop a strategy and timeline to meet each project’s milestones and deliverables.
- Participate in the network design, security architecture, and development of diagrams.
- Participate in hardware, software, communications media specification.
- Participate in device configurations and hardening for security compliance and risk management.
- Work with Team to ensure timely delivery of high-quality cybersecurity documentation including diagrams, configuration guides, and training materials.
- Participate in cybersecurity assessments including vulnerability and compliance scans and reports.
- Participate in S&C’s Information Security program as it applies to customer-facing services.
- Perform advanced networking tasks including configuration, troubleshooting, and optimization of Cisco routers, switches, firewalls, and related technologies to support secure communication architectures.

- Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders
- Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks
- Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries
- Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments
- Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed
- Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms
- Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture
- Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches
- Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation
- Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients
- Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures

- Conduct our digital risk management program to improve cybersecurity.
- Plan, support, and execute security awareness training campaigns.
- Assist with analysis, communication, and documentation of audits.
- Undertake compliance program/project initiatives, audits, and benchmarking of security policies against good practice and standards.
- Assist in the development and implementation of sustainable compliance framework and processes in the organization to meet IT policies, business requirements, and applicable legal and regulatory requirements.
- Gain widespread support of and compliance with information security requirements.
- Address vulnerabilities identified from various scans, making sure that they are properly addressed and categorized, leading in the corrective actions to assure data and infrastructure security.
- Assist with SOX compliance testing as required.

- Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document.
- Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO.
- Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides.
- Support creation/update of FIPS 199 Security Categorization document.
- Support creation/update security control selection listing (include justification for applicable tailor and/or risk acceptance).
- Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed.
- Assist in security incident response, risk mitigation, and compliance reporting.
- Performs other job-related duties as assigned.




