• Monitor network traffic for security incidents and anomalies. • Conduct vulnerability assessments and penetration testing. • Investigate security breaches and other cybersecurity incidents. • Develop and implement security policies and procedures. • Collaborate with IT and other departments to enhance security measures. • Stay updated with the latest cybersecurity trends and threats. • Accountable for SOC-2 and HIPAA compliance through Vanta • Prepare reports and documentation on security incidents and findings. • Provide training and support to staff on cybersecurity best practices.

Role Summary: The Security Analyst supports the organization’s security, identity, and IT operations by monitoring systems, responding to security events, managing access controls, and assisting with day-to-day security and IT initiatives. This role works closely with the Manager of Information Security, Compliance & IT to strengthen the company’s security posture, support compliance requirements, and ensure reliable and secure IT operations as the organization scales. This position is ideal for a technically curious, hands-on analyst who wants exposure to cloud security, SaaS environments, compliance frameworks, and real-world security operations. Key Responsibilities: Security Operations (SecOps) - Monitor security alerts and logs from security tools (SIEM, EDR, cloud security platforms) - Triage, investigate, and escalate security events and incidents - Assist with incident response activities, evidence collection, and post-incident reviews - Support vulnerability management activities, including scan reviews and remediation tracking - Help maintain detection rules, alerts, and operational runbooks Identity & Access Management (IAM) - Manage user lifecycle processes (onboarding, offboarding, role changes) - Administer identity platforms (e.g., Google Workspace, cloud IAM, SSO providers) - Enforce least-privilege access and role-based access controls - Review and certify user access on a recurring basis - Assist with MFA enforcement and access exception tracking IT & Endpoint Operations - Support endpoint management activities (macOS, Windows, mobile devices) - Assist with endpoint security tooling (EDR, MDM, disk encryption, patching) - Help troubleshoot user access, authentication, and device-related issues - Maintain asset inventories and assist with IT documentation Compliance & Governance Support - Assist with compliance evidence collection (SOC 2, ISO 27001, PCI DSS, etc.) - Support audit preparation and remediation activities - Help maintain security documentation, procedures, and internal standards - Participate in tabletop exercises and security drills Continuous Improvement - Identify opportunities to automate security and IT workflows - Contribute to improving security monitoring, IAM processes, and operational efficiency - Stay current on security threats, best practices, and tooling Required Qualifications: Technical Skills - 2–4 years of experience in information security, IT operations, or a related role - Hands-on experience with IAM concepts (SSO, MFA, RBAC, least privilege) - Familiarity with security operations concepts (SIEM, EDR, alert triage) - Basic understanding of cloud platforms (GCP, AWS, or Azure) - Experience supporting macOS and/or Windows endpoints Security Knowledge - Understanding of common security frameworks and standards (SOC 2, ISO 27001, NIST, PCI) - Familiarity with incident response and vulnerability management concepts - Awareness of common attack techniques and security controls Soft Skills - Strong analytical and problem-solving skills - Clear written and verbal communication - Ability to prioritize tasks and manage multiple workstreams - Comfortable working in a fast-paced, evolving environment - Curious mindset with a desire to learn and grow in security Nice-to-Have Qualifications - Experience with Google Workspace administration - Exposure to SIEM tools (e.g., Chronicle, Splunk, QRadar) - Experience with endpoint management tools (Intune, Jamf, or similar) - Scripting or automation experience (Bash, Python) - Security certifications (Security+, SSCP, Google/AWS certifications) Why This Role Matters: - Directly supports the organization’s security posture and compliance commitments - Provides hands-on exposure to real security operations and cloud environments - Offers mentorship and growth under experienced security leadership - Opportunity to grow into senior security, cloud security, or GRC roles Location United States (Remote) Department Information Security Employment Type Full-Time Minimum Experience Mid-level Compensation USD $70k-$80k

cFocus Software seeks a Journeyman Information Security Analyst to join our program supporting the Internal Revenue Service (IRS). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - 5 to 8 years of progressively responsible experience in information security, cyber risk management, or IT security operations. - Must include at least 3 years of hands-on experience in system security analysis, vulnerability management, or incident response within a Federal Information Systems Security or equivalent enterprise environment. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field. - Security+ CE certification required. - Higher-level certifications (e.g., CISSP, CISM, CEH, CAP) preferred and may substitute for additional years of experience. - Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development. - IT security knowledge with desired Professional Certifications from the International Information System Security Certification Consortium (ISC)2, the International Society for Automation (ISA), the Project Management Institute (PMI), CompTIA, or the SANS Institute - Knowledge of the IRS infrastructure, technologies and general support systems is highly desirable - Knowledge and experience with technology risk assessments covering Webservices, network appliances and software - Knowledge and experience the IRS Enterprise Lifecycle and OneSDLC - Knowledge of System Interconnections to include virtual private network VPN) and other encryption technologies - Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements - Knowledge of IRS Business Units and IT enterprise processes organizational processes within the - Knowledge/experience with Qmulos Q-Compliance, SharePoint, Scanning tools, ServiceNow GRC, SPLUNK - Knowledge and experience with technology security engineering, analysis, and assessment - Knowledge and experience with security architecture principles and system modeling

cFocus Software seeks a Jr. Information Security Analyst to join our program supporting the Internal Revenue Service (IRS). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - 1 to 3 years of relevant professional experience in information security, cyber risk management, network defense, or - Experience may include internships, co-op positions, or hands-on cybersecurity training programs that demonstrate applied understanding of security principles. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related technical field. - An Associate degree plus 2 additional years of hands-on experience may substitute for a Bachelor’s degree. - CompTIA Security+ CE (or equivalent) required. - Network+, CEH, or CAP certifications preferred. - Knowledge of FISMA, NIST Special Publications, OMB, Risk Management Framework (RMF), and ISCM Plan development. - IT security knowledge with desired Professional Certifications from the International Information System Security Certification Consortium (ISC)2, the International Society for Automation (ISA), the Project Management Institute (PMI), CompTIA, or the SANS Institute - Knowledge of the IRS infrastructure, technologies and general support systems is highly desirable - Knowledge and experience with technology risk assessments covering Webservices, network appliances and software - Knowledge and experience the IRS Enterprise Lifecycle and OneSDLC - Knowledge of System Interconnections to include virtual private network VPN) and other encryption technologies - Knowledge and experience with cloud systems, CSPs, and FedRAMP requirements - Knowledge of IRS Business Units and IT enterprise processes organizational processes within the - Knowledge/experience with Qmulos Q-Compliance, SharePoint, Scanning tools, ServiceNow GRC, SPLUNK - Knowledge and experience with technology security engineering, analysis, and assessment - Knowledge and experience with security architecture principles and system modeling