• Conduct our digital risk management program to improve cybersecurity. • Plan, support, and execute security awareness training campaigns. • Assist with analysis, communication, and documentation of audits. • Undertake compliance program/project initiatives, audits, and benchmarking of security policies against good practice and standards. • Assist in the development and implementation of sustainable compliance framework and processes in the organization to meet IT policies, business requirements, and applicable legal and regulatory requirements. • Gain widespread support of and compliance with information security requirements. • Address vulnerabilities identified from various scans making sure that they are properly addressed and categorized leading in the corrective actions to assure data and infrastructure security. • Assist with SOX compliance testing as required

• Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document. • Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO. • Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides. • Support creation/update of FIPS 199 Security Categorization document. • Support creation/update security control selection listing (include justification for applicable tailor and or risk acceptance). • Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed. • Assist in security incident response, risk mitigation, and compliance reporting. • Performs other job-related duties as assigned.

• Running detection & response monitor SIEM/EDR telemetry, triage alerts, contain and eradicate threats, then lead root-cause analysis and post-mortems. • Enhancing signal quality by designing correlation searches, refining detection rules, and automating SOAR playbooks to reduce false positives and MTTR. • Analyzing vulnerabilities by extracting findings from platforms like Wiz, Vulcan, Grype, Tenable, and quantifying infrastructure impact to prioritize effectively. • Ensuring remediation governance by generating tickets, assigning owners, enforcing deadlines, and verifying resolutions through rescans and evidence collection thoroughly. • Creating visibility and KPIs by maintaining dashboards tracking vulnerabilities, remediation speed, SLA adherence, MTTR/MTTD, patch age, and risk trends. • Strengthening controls by mapping emerging TTPs to defenses, recommending new detections, and implementing safeguards across cloud, container, and on-prem environments.

• Acts as the escalation point for reviewing security events and incidents from a wide variety of cybersecurity technologies such as endpoint security tools, network security tools, etc. • Performs event correlation using information gathered from a variety of sources within the enterprise to continuously improve detection • Provides support in obtaining and maintaining compliance with NIST standards • Creates and/or maintains incident response documentation including the Incident Response Plan, Incident Response Playbooks, etc. • Partners with various stakeholders across the business to improve overall security posture • Coordinates end-to-end incident response activities related to a wide variety of security risks and threats, including but not limited to, ransomware, system compromise, account takeover, phishing, etc. • Implements security controls and processes to protect digital assets and conduct routine security audits to ensure compliance • Maintains active Threat Intelligence program, integrate Threat Intel with detection and monitoring to proactively block malicious actors • Proactively searches for advanced threats that may evade existing security solutions • Uses threat intelligence to analyze network, endpoint, and application data • Creates and adjusts threat-hunting scripts and queries to improve detection • Contributes to knowledge base and procedural documentation • Mentors less experienced analysts and provide guidance during critical incidents and investigations • Performs other job-related duties as assigned or apparent • Implementing and maintaining security controls in IaaS environments • Driving optimization of Cloud specific security coverage • Developing and maintaining Cloud specific security standards and procedures