• Manage Plan of Action & Milestones (POA&Ms) lifecycle including creation, tracking, risk adjustment justification, and deviation requests in coordination with 3PAO assessors and federal stakeholders • Collect, organize, and maintain security control evidence and artifacts for monthly continuous monitoring deliverables and assessment/authorization activities, ensuring alignment with FedRAMP, HITRUST, PCI, and similar frameworks • Maintain accurate system inventory and authorization boundary documentation to ensure scanning scope aligns with approved system boundaries • Analyze scan results for false positives, document justifications, and prepare deviation requests with supporting risk assessments • Translate technical vulnerability findings into risk-based language for federal clients and authorization officials, presenting monthly status briefings as needed • Collaborate with development, SRE, and infrastructure teams to integrate vulnerability management into CI/CD pipelines, cloud environments (AWS, Azure, GCP), and container/Kubernetes platforms • Participate in change management processes to ensure continuous monitoring activities align with system changes and maintain compliance posture • Support and maintain enterprise vulnerability management tools (such as Tenable, Nessus, Burp, Qualys, Rapid7, Wiz, Prisma, Microsoft Defender), ensuring timely updates and patches • Run regular and on-demand scans across operating systems, databases, web applications, and containers, then work with technical teams to create tickets for remediation • Track and document vendor dependencies, operational requirements, and open vulnerabilities, producing clear monthly reports and updates for clients • Contribute to improving internal standards and processes, including maintaining documentation, training materials, and standard operating procedures

• Conduct our digital risk management program to improve cybersecurity. • Plan, support, and execute security awareness training campaigns. • Assist with analysis, communication, and documentation of audits. • Undertake compliance program/project initiatives, audits, and benchmarking of security policies against good practice and standards. • Assist in the development and implementation of sustainable compliance framework and processes in the organization to meet IT policies, business requirements, and applicable legal and regulatory requirements. • Gain widespread support of and compliance with information security requirements. • Address vulnerabilities identified from various scans making sure that they are properly addressed and categorized leading in the corrective actions to assure data and infrastructure security. • Assist with SOX compliance testing as required

• Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document. • Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO. • Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides. • Support creation/update of FIPS 199 Security Categorization document. • Support creation/update security control selection listing (include justification for applicable tailor and or risk acceptance). • Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed. • Assist in security incident response, risk mitigation, and compliance reporting. • Performs other job-related duties as assigned.

• Running detection & response monitor SIEM/EDR telemetry, triage alerts, contain and eradicate threats, then lead root-cause analysis and post-mortems. • Enhancing signal quality by designing correlation searches, refining detection rules, and automating SOAR playbooks to reduce false positives and MTTR. • Analyzing vulnerabilities by extracting findings from platforms like Wiz, Vulcan, Grype, Tenable, and quantifying infrastructure impact to prioritize effectively. • Ensuring remediation governance by generating tickets, assigning owners, enforcing deadlines, and verifying resolutions through rescans and evidence collection thoroughly. • Creating visibility and KPIs by maintaining dashboards tracking vulnerabilities, remediation speed, SLA adherence, MTTR/MTTD, patch age, and risk trends. • Strengthening controls by mapping emerging TTPs to defenses, recommending new detections, and implementing safeguards across cloud, container, and on-prem environments.