Role Description cFocus Software seeks a Security Operations / Firewall Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote and requires a Public Trust clearance. - Monitor cybersecurity tools and alerts to detect and respond to potential security incidents. - Support Security Operations Center (SOC) activities including threat monitoring and alert analysis. - Assist with firewall configuration, rule management, and network segmentation enforcement. - Analyze system and network logs to identify suspicious or unauthorized activities. - Coordinate with cybersecurity teams to respond to incidents and mitigate vulnerabilities. - Monitor SIEM platforms, IDS/IPS systems, endpoint protection tools, and other security monitoring systems. - Investigate security alerts and escalate incidents based on severity and impact. - Perform analysis of network traffic and endpoint telemetry to identify indicators of compromise. - Track and document incident investigations and response activities. - Provide operational monitoring support during high-volume security events or incidents. - Manage firewall rules to enforce least privilege and default-deny access policies. - Support configuration management and change control processes for firewall rule updates. - Conduct routine firewall rule reviews to identify obsolete or unnecessary access rules. - Validate firewall configurations and ensure compliance with HHS and NIH security standards. - Support network segmentation and security zone management to protect sensitive systems. - Validate and monitor logs generated by network and security devices. - Ensure logging configurations comply with federal cybersecurity guidance including OMB M-21-31. - Analyze log data to identify anomalies, policy violations, or indicators of malicious activity. - Assist with cybersecurity compliance activities and audit preparation. Qualifications - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. - Minimum 3–5 years of experience supporting security operations, network security monitoring, or firewall administration. - Experience with SIEM platforms and cybersecurity monitoring tools. - Familiarity with IDS/IPS systems, endpoint security solutions, and network security technologies. - Experience supporting firewall administration and rule management. - Understanding of federal cybersecurity frameworks such as NIST RMF and FISMA. - Strong analytical, troubleshooting, and documentation skills.

• Serve as trusted advisor to team’s leadership and partner teams by clearly articulating business risks associated with security issues • Harden our cloud-native environments (AWS, OCI, GCP) by introducing secure by default designs and features into network, tooling, and processes • Own and drive resolutions for enabling engineers to design, build, and use infrastructure securely at scale by deploying secure architectures using infrastructure-as-code and reusable code libraries • Manage IAM / RBAC for cloud infrastructure, and partner with IT on streamling authentication/authorization to ensure unified access control across the board • Deploy and operationalize some of the security services and tools (eg: SIEM, SOAR, domain monitoring, endpoint tooling, cloud security tooling) • Respond to security incidents and harden environments post-incidents • Support control monitoring and remediation for compliance initiatives • Gather and analyze security metrics to address security issues with cross-team dependencies • Be a problem solver who is empathetic to developer concerns and will employ constructive and flexible approach to building innovative solutions.

cFocus Software seeks a Security Operations / Firewall Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote. This position requires a Public Trust clearance. Qualifications: - Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline. - Minimum 3–5 years of experience supporting security operations, network security monitoring, or firewall administration. - Experience with SIEM platforms and cybersecurity monitoring tools. - Familiarity with IDS/IPS systems, endpoint security solutions, and network security technologies. - Experience supporting firewall administration and rule management. - Understanding of federal cybersecurity frameworks such as NIST RMF and FISMA. - Strong analytical, troubleshooting, and documentation skills. Duties: - Monitor cybersecurity tools and alerts to detect and respond to potential security incidents. - Support Security Operations Center (SOC) activities including threat monitoring and alert analysis. - Assist with firewall configuration, rule management, and network segmentation enforcement. - Analyze system and network logs to identify suspicious or unauthorized activities. - Coordinate with cybersecurity teams to respond to incidents and mitigate vulnerabilities. - Monitor SIEM platforms, IDS/IPS systems, endpoint protection tools, and other security monitoring systems. - Investigate security alerts and escalate incidents based on severity and impact. - Perform analysis of network traffic and endpoint telemetry to identify indicators of compromise. - Track and document incident investigations and response activities. - Provide operational monitoring support during high-volume security events or incidents. - Manage firewall rules to enforce least privilege and default-deny access policies. - Support configuration management and change control processes for firewall rule updates. - Conduct routine firewall rule reviews to identify obsolete or unnecessary access rules. - Validate firewall configurations and ensure compliance with HHS and NIH security standards. - Support network segmentation and security zone management to protect sensitive systems. - Validate and monitor logs generated by network and security devices. - Ensure logging configurations comply with federal cybersecurity guidance including OMB M-21-31. - Analyze log data to identify anomalies, policy violations, or indicators of malicious activity. - Assist with cybersecurity compliance activities and audit preparation.

The Cybersecurity Investigations & Response (CIR) team within AC3 (Aon’s Global Cybersecurity Operations) is responsible for leading and coordinating incident response, conducting in‑depth investigations, and continuously improving how Aon detects, responds to, and recovers from cyber events. This role can be virtual near one of our US office locations. Aon is in the business of better decisions At Aon, we shape decisions for the better to protect and enrich the lives of people around the world. As an organization, we are united through trust as one inclusive team, and we are passionate about helping our colleagues and clients succeed. What the day will look like This role focuses on deep investigation, coordination, and response leadership—ensuring incidents are executed according to defined processes, evidence is preserved, risks are clearly understood, and lessons learned to drive measurable improvements across Aon’s cybersecurity program. Incident Response & Investigations - Lead or support end-to-end investigations for security incidents, from initial triage through containment, eradication, and recovery. - Perform detailed analysis of alerts, logs, and telemetry across multiple domains (SIEM, endpoint, identity, network, cloud, email, and third-party sources) to determine scope, root cause, and business impact. - Partner closely with AC3 Threat Detection & Response (TDR) teams to validate true positives, refine investigative hypotheses, and improve the quality and reliability of detection signals. - Develop clear incident timelines, findings, and technical assessments, ensuring accurate and complete case documentation. - Maintain high-quality incident records and evidence within Aon’s case management and response tooling. Crisis & Stakeholder Coordination - Support crisis execution during major or high-severity incidents, collaborating with GEOC, Legal, Risk, Audit, Communications, and business leadership as required. - Translate technical findings into clear, risk-based insights for both technical and non-technical audiences. - Follow and reinforce consistent escalation and communication patterns—ensuring the right stakeholders are informed at the right time with the right level of detail. - Contribute to calm, structured, and disciplined response execution during high-pressure events. Playbooks, Procedures & Readiness - Help develop, maintain, and improve incident response runbooks, playbooks, and standard operating procedures for common and high-impact scenarios (e.g., ransomware, BEC, insider threat, data ex-filtration, cloud compromise). - Participate in, and help design, tabletop exercises and simulations to test technical response and crisis readiness. - Support audit, regulatory, and internal assurance activities by clearly documenting response processes, decisions, and evidence of execution. Continuous Improvement & Threat‑Informed Defense - Lead or contribute to lessons‑learned activities following incidents and near misses; track improvement actions through to completion. - Partner with vulnerability management, identity, infrastructure, cloud, and application security teams to ensure investigation insights drive real risk reduction. - Identify detection and visibility gaps and work with TDR to enhance telemetry, tune detections, and improve signal-to-noise ratios across AC3. - Strengthen Aon’s threat‑informed defense by feeding investigative insights back into controls, detections, and processes. Collaboration & Global Alignment - Operate within a follow‑the‑sun global model, coordinating with CIR and TDR peers across North America, EMEA, and APAC. - Support alignment of tools, telemetry, processes, and reporting across regions to enable consistent, scalable operations. - Contribute to a culture of collaboration, shared ownership, and continuous improvement across AC3 and Global Cybersecurity Solutions. How this opportunity is different As a CIR Analyst, you will play a critical role in investigating and responding to security incidents across Aon’s North America region. You will work closely with TDR, Global Security Operations, IT, Legal, Risk, Audit, and business stakeholders to ensure incidents are handled effectively and consistently. Skills and experience that will lead to success Required - Professional experience in cybersecurity operations, incident response, digital forensics, threat hunting, or a closely related discipline. - Strong understanding of core security domains, including: Network security; Endpoint security; Identity and access management; Cloud security fundamentals; Common attack techniques (MITRE ATT&CK familiarity preferred); - Hands-on experience with multiple security technologies, such as: SIEM platforms (log analysis, investigation, correlation); EDR/EPP tools; Network security tools (firewalls, proxies, IDS/IPS); Email security and identity platforms; Cloud security and logging solutions - Demonstrated ability to analyze telemetry, develop investigative hypotheses, and methodically work incidents through to resolution. - Strong written and verbal communication skills, including the ability to produce clear technical documentation and concise executive-level summaries. - Familiarity with structured incident response frameworks (e.g., NIST, SANS, ISO) is preferred. Preferred - Experience in a large, complex, or global enterprise environment. - Prior work experience in a SOC, DFIR function, or Cyber Incident Response Team. - Familiarity with automation or scripting (e.g., Python, PowerShell, KQL, or SOAR platforms) to accelerate investigations and response. - Experience working with SOAR or case management platforms in an operational environment. - Relevant industry certifications (e.g., GCIA, GCFA, GNFA, GCIH, CISSP, CISM) are a plus but not required. Education: Bachelor’s degree or equivalent years of industry experience. How we support our colleagues In addition to our comprehensive benefits package, we encourage an inclusive workforce. Plus, our agile environment allows you to manage your wellbeing and work/life balance, ensuring you can be your best self at Aon. Furthermore, all colleagues enjoy two “Global Wellbeing Days” each year, encouraging you to take time to focus on yourself. We offer a variety of working style solutions for our colleagues as well. Our continuous learning culture inspires and equips you to learn, share and grow, helping you achieve your fullest potential. As a result, at Aon, you are more connected, more relevant, and more valued. Aon values an innovative and inclusive workplace where all colleagues feel empowered to be their authentic selves. Aon is proud to be an equal opportunity workplace. Aon provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, creed, sex, sexual orientation, gender identity, national origin, age, disability, veteran, marital, domestic partner status, or other legally protected status. People with criminal histories are encouraged to apply. We are committed to providing equal employment opportunities and fostering an inclusive workplace. If you require accommodations during the application or interview process, please let us know. You can request accommodations by emailing us at ReasonableAccommodations@Aon.com or your recruiter. We will work with you to meet your needs and ensure a fair and equitable experience. For positions in San Francisco and Los Angeles, we will consider for employment qualified applicants with arrest and conviction record in accordance with local Fair Chance ordinances. Aon is not accepting unsolicited resumes from search firms for this position. If you are a search firm, you will not be compensated in any way for your submission of a candidate, even if Aon hires that candidate. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Pay Transparency Laws: The salary range for this position (intended for U.S. applicants) is $150,000 - $175,000 USD annually. The actual salary will vary based on applicant’s education, experience, skills, and abilities, as well as internal equity and alignment with market data. The salary may also be adjusted based on applicant’s geographic location. This position is eligible to participate in one of Aon’s annual incentive plans to receive an annual discretionary bonus in addition to base salary. The amount of any bonus varies and is subject to the terms and conditions of the applicable incentive plan. Aon offers a comprehensive package of benefits for full-time and regular part-time colleagues, including, but not limited to: a 401(k) savings plan with employer contributions; an employee stock purchase plan; consideration for long-term incentive awards at Aon’s discretion; medical, dental and vision insurance, various types of leaves of absence, paid time off, including 12 paid holidays throughout the calendar year, 15 days of paid vacation per year, paid sick leave as provided under state and local paid sick leave laws, short-term disability and optional long-term disability, health savings account, health care and dependent care reimbursement accounts, employee and dependent life insurance and supplemental life and AD&D insurance; optional personal insurance policies, adoption assistance, tuition assistance, commuter benefits, and an employee assistance program that includes free counseling sessions. Eligibility for benefits is governed by the applicable plan documents and policies. #LI-RB1 #LI-VIRTUAL 2026-99204