Founded in 2009, Okta is a publicly-traded software company headquartered in San Francisco, California. Described as the leading independent provider of identit
Staff Product Security Engineer
Location
Spain
Posted
12 days ago
Salary
€74K - €101K / year
Seniority
Lead
Job Description
Okta
Role Description

As a Staff Product Security Engineer, you will play a critical role in safeguarding Okta's products by:
- Conducting comprehensive security reviews.
- Guiding engineering teams in secure development practices.
- Handling externally reported vulnerabilities.
- Engaging in code reviews, penetration testing, and architectural security assessments.

This role is not suited for individuals who rely solely on automated vulnerability scanning. Instead, you must possess a deep technical understanding of:
- Web applications.
- Backend services.
- Penetration testing methodologies.
- Secure design principles.

A successful candidate will have:
- Expertise in authentication protocols (SAML, OAuth, OIDC).
- Threat modeling experience.
- A strong desire to automate security processes by building tools that proactively identify vulnerabilities.
- Ability to communicate risks, impact, and remediation strategies to developers, leadership, and external audiences.
- A deep technical background in assessing AI-integrated software architectures and securing Large Language Models (LLMs).
- An attacker mindset: thinking critically, creatively, and like an adversary when solving security challenges.

We actively support public disclosure of research and findings through white papers, blog posts, and conference presentations.

Qualifications
- Expertise in identifying OWASP Top 10 / CWE Top 25 vulnerabilities through manual code review.
- Strong experience in penetration testing and secure development practices.
- Deep technical background in assessing Large Language Models (LLMs) and securing AI-integrated software architectures.
- Proficiency in multiple programming languages (e.g., Java, Go, Python, C/C++).
- Deep understanding of authentication & authorization protocols (OIDC, SAML, OAuth).
- Strong communication skills to explain risks and remediation to developers and leadership.
- Ability to automate security testing using LLMs and scripting (Python, Bash, etc.).
- Experience leading security incidents and risk assessments.

Requirements
- Experience in mobile (iOS/Android) and desktop (Windows/macOS) security testing.
- Familiarity with SAST, DAST, SCA, and fuzzing tools.
- Strong cryptographic knowledge and secure implementation practices.
- Experience analyzing network protocols and traffic security.
- Ability to develop proof-of-concept exploits to demonstrate vulnerabilities.

Benefits
- Annual base salary range for this position for candidates located in Spain is between €74.000 and €101.000 EUR.
- Equity (where applicable) and bonus.
- Comprehensive healthcare coverage and financial benefits including paid time off and parental leave.
More Security Engineer Jobs
Federal Cyber Security Analyst
Rhymetec
Rhymetec is a cybersecurity company that partners with businesses to protect, detect, and respond to evolving cyber threats, guided by its mission to provide security that enables
Title: Federal Cyber Security Analyst
Location: Remote (U.S., New York Preferred)

About Rhymetec: Rhymetec was founded in New York City in 2015, growing steadily in the areas of compliance, cyber security and data privacy. Our mission is to ensure our clients are compliant faster, so they can focus on their core business and less on the complexities of building effective and compliant infosec programs. This role is fully remote.

Job Description: The Federal Cyber Security Analyst (FCSA) will be responsible for architecting, developing, and implementing solutions that help Rhymetec's clients achieve, manage and measure security metrics and compliance requirements. The role will work closely with their team to help design and deliver security and compliance objectives and have the ability to help drive foundational changes in internal cloud platforms to enhance their security posture. The ideal candidate will have a team-first mentality and fit within the core values and culture at Rhymetec, along with project management experience and knowledge of customized compliance road maps for clients. This person will be responsive to both customers and team members in communications, be detail oriented, and hold a high level of autonomy to complete work on time and with quality.

Responsibilities:
- Prepare agendas and reference documents for meetings with clients.
- Assist in building and managing cyber security programs for Rhymetec's customers based on industry standard cyber security compliance frameworks.
- Conduct meetings with clients regularly.
- Configure performance monitoring alarms, security alarms, IDS/IPS in AWS, Azure, GCP, Datadog and other cloud infrastructures.
- Set up supporting security applications.
- Set up mobile device management applications such as Jamf, Jumpcloud, Microsoft Endpoint Manager, Hexnode, etc.
- Configure and maintain compliance monitoring platforms.
- Conduct internal audits, risk assessments, and generate reports.
- Conduct Incident Response tabletop exercises with clients.
- Conduct Business Continuity and Disaster Recovery tabletop exercises with clients.
- Document and lead the incident response process should an incident arise.
- Translate CMMC, FedRAMP, GovRAMP, TX-RAMP (preferred) controls into actionable items for clients.
- Conduct employee access reviews, SaaS vendor security assessments, and gap assessments.
- Triage bug/vulnerability reports from security researchers.
- Complete security questionnaires on behalf of clients.
- Draft supporting documents for clients' information security management systems and information security policies.
- Gather and maintain evidence of compliance for various frameworks.
- Lead engagements with auditors on behalf of clients.
- Communicate tasks to clients' employees and educate clients on security best practices.

Qualifications:
- Bachelor's Degree from an accredited university in a Technology or Cybersecurity field OR 4+ years of direct experience in listed areas.
- 3+ years of work experience working with cybersecurity and regulatory compliance.
- Experience in customer service and ability to develop professional relationships with customers.
- Extensive knowledge of compliance, regulatory frameworks, and implementing CMMC, FedRAMP, GovRAMP, TX-RAMP, and other various federal frameworks.
- Strong logical security skills, with experience in cloud security.
- Understanding of cloud environments (AWS, GCP, Azure) and integrating security controls through DevOps and Infrastructure as a Service (IaaS) techniques.
- Certifications are preferred.
- Quarterly travel may be required.

Benefits
Rhymetec offers a robust employee package, including:
- Employee covered medical premiums (100%)
- Dental and Vision Benefits
- PTO and Sick Time, including 11 paid Holidays
- 401K retirement plans with company match options
- Company paid Life Insurance
- Annual Subscription to TalkSpace (online counseling & therapy service)
- Summer Fridays!
Rhymetec is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetic, disability, age, or veteran status.
Director – Offensive Security
GE Aerospace
GE Aerospace is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. GE Aerospace will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
• This role leads a team that delivers traditional web application penetration testing, Defense-in-Depth assessments extending beyond the web layer, and Red Team engagements
• Shape an automation-first and intelligence-driven offensive security program
• Ensure offensive security services evolve from point-in-time testing toward a continuous assurance model
• Hire, lead, coach, and retain an expert team; establish goals, role clarity, performance expectations, and development plans
• Define and execute the offensive security strategy
• Own end-to-end engagement delivery for web application penetration testing, Defense-in-Depth assessments, and Red Team operations
• Manage vendor relationships supporting Red Team activities
• Partner with vulnerability management, product security, engineering, and infrastructure teams to ensure findings are actionable, prioritized, tracked, and re-tested as appropriate
• Define and maintain assessment methodologies, reporting standards, and measurable KPIs
Security Engineer
Sowelo Consulting sp. z o.o. sp. k.
IT Recruitment | RPO | Executive Search | Headhunting | On Time, On Target, On Budget
• Lead the deployment and configuration of BeyondTrust Endpoint Privilege Management (EPM) across the organization
• Design, implement, and fine-tune EPM policies, rules, and configurations for different user groups and environments
• Work with Security / IAM / IT to plan and execute a phased rollout with early adopters, business teams, and then engineering
• Collaborate with internal stakeholders to gather feedback on the rollout and adjust policies and settings accordingly
• Create and maintain documentation, including configuration guides, runbooks, deployment procedures, and best practices
• Contribute to testing and validation of EPM policies to minimise user disruption while maintaining strong security controls
• Identify opportunities to automate deployment, configuration, and ongoing management (e.g. via scripting in PowerShell, Bash, Python, etc.)
• Monitor progress against agreed project timelines and milestones, escalating risks or blockers when needed
• Work closely with the wider Identity & Access Management team to align EPM configuration with existing IAM standards and processes
• Provide knowledge sharing and basic enablement to internal teams on how to work effectively with the new EPM solution
• Participate in daily network, firewall, and operational support.
• Troubleshoot network issues and failures, following best practices and a troubleshooting methodology to quickly assess the current situation, find solutions, and implement changes to correct and/or update network topologies to ensure stability and functionality.
• Provide technical analysis of operational issues and remediations during troubleshooting efforts to ensure documentation and procedures are followed and updated during active events. This includes reporting to management.
• Stay up to date on emerging technologies and products, including attaining certifications and participating in industry events as appropriate.
• Work with various stakeholders to lead problem solving, evolve the system roadmap and take critical decisions.
• Provide clear communication with regular updates/reports to the management team.