• Provide support to the MARAD Information Assurance Program for operations, business and administrative in support of the System Authorization Process and deliverables as defined in this document. • Direct involvement with MARAD Program Office and the Information System Security Manager (ISSM) on cybersecurity and authority to operate (ATO) matters related to information systems supporting the MARAD CIO. • Manage MARAD’s Information System’s core documentation, in accordance with each phase of the system engineering process / System Development Life Cycle (SDLC) with standardized templates, baseline management with supporting checklists and technical guides. • Support creation/update of FIPS 199 Security Categorization document. • Support creation/update security control selection listing (include justification for applicable tailor and or risk acceptance). • Support creation/update System Security Plan (SSP); ensure discovered and identified system components, control implementation status are addressed. • Assist in security incident response, risk mitigation, and compliance reporting. • Performs other job-related duties as assigned.

• Running detection & response monitor SIEM/EDR telemetry, triage alerts, contain and eradicate threats, then lead root-cause analysis and post-mortems. • Enhancing signal quality by designing correlation searches, refining detection rules, and automating SOAR playbooks to reduce false positives and MTTR. • Analyzing vulnerabilities by extracting findings from platforms like Wiz, Vulcan, Grype, Tenable, and quantifying infrastructure impact to prioritize effectively. • Ensuring remediation governance by generating tickets, assigning owners, enforcing deadlines, and verifying resolutions through rescans and evidence collection thoroughly. • Creating visibility and KPIs by maintaining dashboards tracking vulnerabilities, remediation speed, SLA adherence, MTTR/MTTD, patch age, and risk trends. • Strengthening controls by mapping emerging TTPs to defenses, recommending new detections, and implementing safeguards across cloud, container, and on-prem environments.

• Acts as the escalation point for reviewing security events and incidents from a wide variety of cybersecurity technologies such as endpoint security tools, network security tools, etc. • Performs event correlation using information gathered from a variety of sources within the enterprise to continuously improve detection • Provides support in obtaining and maintaining compliance with NIST standards • Creates and/or maintains incident response documentation including the Incident Response Plan, Incident Response Playbooks, etc. • Partners with various stakeholders across the business to improve overall security posture • Coordinates end-to-end incident response activities related to a wide variety of security risks and threats, including but not limited to, ransomware, system compromise, account takeover, phishing, etc. • Implements security controls and processes to protect digital assets and conduct routine security audits to ensure compliance • Maintains active Threat Intelligence program, integrate Threat Intel with detection and monitoring to proactively block malicious actors • Proactively searches for advanced threats that may evade existing security solutions • Uses threat intelligence to analyze network, endpoint, and application data • Creates and adjusts threat-hunting scripts and queries to improve detection • Contributes to knowledge base and procedural documentation • Mentors less experienced analysts and provide guidance during critical incidents and investigations • Performs other job-related duties as assigned or apparent • Implementing and maintaining security controls in IaaS environments • Driving optimization of Cloud specific security coverage • Developing and maintaining Cloud specific security standards and procedures

• Assisting with internal and external audit engagements (SOC2 Type II, HITRUST, PCIDSS, SOX, GuardianSphere etc.) • Gather control evidence to ensure the information provided fulfills the requirements • Organize audit evidence and manage the control and process libraries • Assist the business to assess, document and remediate risks identified during the assessment • Contributing to eHealth’s compliance maturity: • Work with the business to implement sound security controls aligned with the security policies and standards and identify control gaps • Develop metrics to report to management • Assisting with Security awareness training and phishing campaign exercises • Working with business partners to respond to carrier security questionnaires • Evaluating new vendors for security concerns • Assess the status of projects to identify and implement appropriate corrective measures to resolve security concerns as they arise • Assists in the development and ongoing refinement of enterprise AI policies, standards, and guardrails, embedding responsible and compliant AI use into core governance processes, risk assessments, and control frameworks