Role Description We're hiring a hands-on Security Analyst to own the day-to-day of our security program across endpoints, cloud, and identity. You'll monitor, investigate, and respond to threats while serving as the first point of contact for employees with security questions. This role has real ownership. You'll operate within established guidelines with appropriate oversight, but the day-to-day security operations are yours to run. We're looking for someone who takes that seriously, someone who can distinguish signal from noise, escalate when it counts, and handle their domain with consistency and care. We're a technical team that moves fast and expects its people to keep up. We want someone who is genuinely curious about how things work, stays current without being told to, and brings ideas rather than waiting for them. What You'll Do - Daily & Weekly - Monitor and triage Microsoft Defender alerts across endpoints, identity, and cloud - Review Intune/MDM compliance dashboards, validate endpoint patch status, and follow up on non-compliant devices - Monitor Azure Defender for Cloud, Azure Policy, and Entra ID for anomalous activity - Handle front-line employee security questions and requests - Monthly - Review access to protected systems and validate permissions remain appropriate - Perform abuse screening per established runbook - Execute web application security scans and document findings - Verify Conditional Access policies are operating as configured and investigate any drift - Review and adjust web filtering rules and endpoint traffic controls - Prepare security metrics reports for leadership - Surface process and tooling improvements to your manager - Quarterly - Coordinate vulnerability scanning with our third-party security partner; triage results, brief Engineering on findings, and drive remediation to closure within SLA - Support compliance evidence collection per compliance team direction - Annually - Own coordination of our penetration test: scoping, scheduling, stakeholder liaison, and remediation tracking - Support the annual audit evidence collection process Qualifications - 3–5 years in a hands-on security operations role across real enterprise environments - Demonstrated experience across the Microsoft Defender suite: Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Cloud - Working knowledge of Intune/MDM for endpoint compliance - Experience with Azure security services: Azure Policy and Entra ID (Conditional Access, PIM, audit logs) - Familiarity with GitHub Actions and/or Azure DevOps - Experience supporting compliance programs - executing control tasks and contributing to evidence collection - Strong collaborator - someone peers and stakeholders can rely on - Genuinely curious - you follow threads, ask why, and don't stop at the surface Education - We prefer a Bachelor's degree in a technical field but will seriously consider candidates with an Associate's degree, relevant certifications, or equivalent hands-on experience. - Military cybersecurity experience is highly valued. Preferred Qualifications - Microsoft certifications: SC-200, SC-300, AZ-500 - Experience with web application security scanning tools - PowerShell or Python for log analysis and automation Work Environment You'll be the dedicated security analyst on an eight-person technical team, working closely with the compliance team, Engineering, IT, and our external security partners. Occasional availability outside business hours for security incidents is expected.

Role Description SkyePoint Decisions is seeking a SOC Analyst IV to join our team supporting the Department of Education’s (DoED) Federal Student Aid (FSA) Cybersecurity and Privacy Support Services (CPSS) in Washington, DC. This is a remote position. - Provides Tier III support for SIEM alert triage, forensic analysis, and escalation. - Maintains situational awareness of SOC tools and telemetry. - Leads shift handovers and contributes to SOP/playbook updates. - Supports Red Team and Purple Team exercises. Qualifications - 6+ years of SOC experience. - At least one of: GCIH, GCIA, CEH, Security+. - Experience with SIEM, and endpoint telemetry. - Experience with operating systems, networking and AWS native capabilities. - Must be a U.S. citizen. - Must be able to obtain a Public Trust. Benefits - Salary Range: $90,000-$120,000. - Certification incentive program. - PTO and floating federal holiday options. - Several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs]. - Flex Spending Accounts [FSAs]. - Full Dental Plans and Vision. - Short-Term/Long-Term Disability and Life Insurance. - 401k matched. - Flexible Work Environment.

• Monitor security tools and alerts and investigate suspicious activity. • Triage, document, and escalate security incidents in coordination with IT and leadership. • Assist with incident response activities, including containment, remediation, and post-incident reviews. • Help create annual audits of current core security controls, policies, and procedures. • Take ownership of the Threatlocker process and review permitted policies. • Assist in reviewing and improving baseline security standards for endpoints, identities, email, and cloud services. • Support vulnerability management activities, including scanning and risk prioritization. • Support client-driven security audits and maintain evidence and documentation for security controls. • Assist with risk assessments and exception tracking. • Support identity and access management processes and assist in protecting sensitive legal and client data. • Work with IT, Operations, HR, and vendors to embed security into firm processes and assist with security awareness initiatives.

• Support Authorization to Operate (ATO) processes for VA systems by updating and maintaining security documentation. • Perform continuous monitoring and vulnerability management using tools like Tenable Nessus, SCCD, and adherence to DISA STIGs. • Conduct risk assessments and ensure compliance with NIST Risk Management Framework (RMF) and FEDRAMP requirements for cloud systems. • Coordinate and execute annual ATO-related exercises. • Ensure timely remediation of vulnerabilities and track mitigation progress in eMASS Service Now (SNOW). • Develop and review Memorandums of Understanding (MOUs).