Smith+Nephew

We design and manufacture technology that takes the limits off living.

Senior Information Security Analyst

Security Analyst | Full Time | Remote | Senior | Team 10,001+ | Since 1856 | H1B No Sponsor

Location

United States

Posted

9 days ago

Salary

$111.8K - $167.5K / year

Seniority

Senior


Job Description

Role Description

Join us as an Information Security Compliance Analyst and play a key role in shaping and delivering our annual HIPAA programme. This is an opportunity to work closely with leaders across Governance Risk and Compliance, with support and guidance from senior experts while owning essential programme activities that help protect our patients, people and systems.

- Become the driving force behind the annual HIPAA programme.
- Plan the programme’s schedule and coordinate with a wide range of partners.
- Oversee the annual Security Risk Assessment, shaping its scope and collaborating with third party specialists.
- Carry out security assessments on IT systems, record outcomes, track actions, and keep documentation updated in OneTrust.
- Monitor changes in HIPAA law and support updates to internal policy.
- Bring insights and recommendations forward to leadership and the Steering Committee.
- Blend hands-on security experience with strong organisation and leadership skills.
- Translate security controls into clear activities and turn complex challenges into structured actions.
- Contribute to the growth of the HIPAA programme year after year.

Qualifications

- Bachelor's degree in Computer Science or related subject preferred.
- Privacy or Security certifications would be advantageous but are not essential (e.g., any HIPAA certification, CISA, CISSP, ISO27001 or equivalent).

Requirements

- At least 5 years in Information Security, some of which should be in a compliance function.
- At least 2 years working on HIPAA compliance is required.
- At least 3 years in Program or Project Management.
- Prior experience of Privacy Law related Security Controls compliance would be very well received.
- Experience deploying and assessing Information Security controls, ideally aligned to frameworks such as HIPAA, GDPR TOMS, ISO27001, HiTrust or NIST.
- Familiarity with tools such as OneTrust or IT risk management platforms, or the ability to learn them quickly.
- Travel Requirements: < 5%

Benefits

- Base compensation range: $111,750 to $167,500 USD annually.
- Competitive bonus and benefits, including medical, dental, and vision coverage.
- 401(k) and tuition reimbursement.
- Medical leave programs and parental leave.
- Generous PTO and paid company holidays.
- 8 hours of volunteer time annually.
- Wellness offerings such as EAP.
- 401k Matching Program, 401k Plus Program, Discounted Stock Options, Tuition Reimbursement.
- Flexible Personal/Vacation Time Off, Paid Holidays, Flex Holidays, Paid Community Service Day.
- Health Savings Account (Employer Contribution of $500+ annually).
- Fertility and Adoption Assistance Program.
- Hands-On, Team-Customized Training and Mentorship.
- Discounts on fitness clubs, travel and more!

More Security Analyst Jobs

Security Analyst

Ceresti Health

Everyone else treats the patient. We activate the caregiver—because that’s where dementia care really begins.

Full Time | Remote | Team 11-50 | Since 2013 | H1B No Sponsor

• Analyze, deploy, integrate, and monitor security tools, including connecting sources such as AWS, HubSpot, Canvas, and MacBook endpoints (Mosyle, Bitdefender) into our Huntress SIEM.
• Review security baselines for configurations to identify gaps, then work with IT to close those gaps (e.g., CIS Benchmark, Vendor Best Practices)
• Assist in monitoring security controls in support of SOC 2 (and future HITRUST) compliance assessments.
• Monitor security dashboards, alerts, cyber incidents, and participate in tabletop exercises to improve the detection and response posture.
• Study user and system behavior to strengthen our security awareness training (KnowBe4) by turning real-world signal into targeted, relevant education for our team.
• Work closely with the product team (engineering, product management, and quality assurance) to ensure security monitoring is in place throughout the SDLC
• Create proofs of concept and develop capabilities using AI to demonstrate what is possible and accelerate the security program.
• Compile and update runbooks to respond to possible security scenarios.
• Track assets, users, and files to ensure the security process is followed by our security design and zero trust architecture.
• Write and maintain simple scripts and utilities to automate routine security checks across the Govern, Identify, Protect, Detect, Respond, and Recover functions.
• Help track and report key metrics such as average time to detect/respond/contain, false positive rate, failed login rate, patch compliance rate, and vulnerability exposure time.
• Assist in other capacities around Governance, Risk, and Compliance as needed.

United States

Role Description

The Senior Security Analyst’s role is to monitor the security of computing environments and to help implement and maintain information security tools and systems. The Senior Security Analyst monitors security alerts and metrics and identifies small security issues and develops and recommends remediation plans before they turn into large ones. This primarily involves:

- Monitoring for new threats
- Deploying patches and updates to security systems
- Maintaining and protecting a client’s environment
- Determining the scope of security cases that evolve from security alerts
- Recommending and deploying a plan of action to stabilize security issues
- Providing reports on security posture, security tool health, and status
- Addressing alerts that may be indicative of a problem

Qualifications

- Strong oral and written communication skills
- Effective time management and multi-tasking skills
- Ability to stay organized and be detail-oriented
- Demonstrates a passion for solving problems or helping others
- Initiative in driving continuous improvement/execution excellence
- Exceptional organizational skills, including self-management
- Ability to multi-task effectively and accurately in a fast-paced environment

Requirements

- Bachelor's Degree, or equivalent level of experience in related field
- 10+ years of experience in information systems support, Information security, systems integration, or system administration
- Proven experience in technical documentation
- Security+ or equivalent information security certification

Benefits

- Rich Medical and prescription plans
- Dental & Vision
- Paid Holidays and Flexible Paid Time Off
- 401K/401K Roth with Safe Harbor matching
- Stock Appreciation Rights
- Company-paid life insurance, long-term and short-term disability insurance
- Company-paid mental health support & financial wellness services
- FSA for medical and dependent care
- HSA option with compatible medical plan
- Company-paid training, materials, and exams
- Performance-based bonuses

United States

Cybersecurity Analyst

Fors Marsh

A team of researchers, strategists and creatives working together to drive lasting social change.

Security Analyst | 10 days ago
Full Time | Remote | Team 201-500 | H1B Sponsor

Role Description

We are seeking a detail-oriented Cybersecurity Analyst with hands-on experience in enterprise security operations and a strong understanding of federal compliance frameworks such as NIST SP 800-171, NIST SP 800-53, and CMMC. The ideal candidate has experience securing primarily Windows-based environments, with some exposure to Linux systems, managing vulnerabilities, and responding to security incidents, while also demonstrating a solid grasp of data classification and the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This individual should be comfortable working in regulated environments where sensitive data is restricted to secure systems, supporting audits, maintaining compliance documentation, and collaborating across IT and business teams. Strong analytical skills, clear communication, and a proactive, accountable approach to safeguarding sensitive data are essential for success in this role.

- Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements
- Monitor security events and alerts across enterprise systems (e.g., SIEM, endpoint detection, network devices) and perform incident triage, investigation, and response
- Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints
- Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact
- Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements
- Support and enforce organizational data classification policies, including identification, labeling, and handling of FCI, CUI, and other sensitive data types
- Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels
- Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments
- Assist in monitoring and validating that CUI is restricted to authorized systems and not stored on end-user devices outside approved environments
- Participate in internal and external security assessments (e.g., CMMC, IRS Pub 4812, RMF, and client audits) by gathering evidence and supporting control validation
- Maintain documentation for security controls, system configurations, and procedures to ensure audit readiness
- Assist in mapping technical controls and remediation efforts to applicable compliance frameworks
- Work closely with IT operations, system administrators, and leadership to address security risks and operational issues
- Communicate security risks and recommendations clearly to both technical and non-technical stakeholders
- Promote user awareness of data handling expectations, including proper treatment of FCI and CUI in daily operations

Qualifications

- Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field
- Relevant industry certifications such as Security+, CISSP, CISM, GSEC, CySA+, CEH
- Minimum of 7 years of progressively responsible experience in cybersecurity, information security, systems administration, network security, risk management, or a related IT discipline
- Experience supporting security operations, incident response, vulnerability management, compliance, or security engineering in an enterprise environment
- Experience implementing or supporting security requirements aligned with frameworks such as CMMC, NIST 800-53, NIST 800-171 and Cybersecurity Framework (CSF), ISO 27001, CIS Controls, or similar standards
- Experience with security technologies such as SIEM platforms, endpoint detection and response (EDR), vulnerability scanning tools, identity and access management solutions, firewalls, and multifactor authentication technologies
- Experience analyzing security logs, alerts, and incidents using tools with Nessus, Tenable or similar solutions
- Ability to work on occasion in the Arlington, VA area
- Applicants will be subject to a government security investigation and must meet eligibility criteria for access to sensitive information
- Must be a U.S. Citizen and consent to a full background check due to our federal contract requirements

Benefits

- Ability to make an impact on people's lives, both internal and external to the organization
- Top-tier health, dental, vision, and long and short-term disability coverage
- Company culture that values balance and allows each employee to take leave as they require it to balance work and home responsibilities
- A floating holiday bank to celebrate the days you value
- Generous matching retirement contributions and no vesting period starting the third month of employment
- Dedicated training and development budgets to expand your expertise and grow your skillset
- Paid time off for volunteering
- Participation in Fors Marsh staff-led affinity groups
- Product and service discounts through the certified B Corp network

Salary

$110,000-$125,000

Location

Remote, within the U.S. Occasional travel required.

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.

United States
$110K - $125K / year

Security Compliance Analyst

Lead Forensics

Lead Forensics is software for turbo-charged lead generation

Security Analyst | 10 days ago
Full Time | Remote | Team 201-500 | Since 2009 | H1B No Sponsor

• Support sales assurance processes by assisting with questionnaire completion and contract reviews.
• Assist in maintaining ISO 27001 compliance, through evidence collation and involvement with audits.
• Help train AI agents, improve automation tools and continually improve manual processes.
• Assist with managing supplier due diligence.
• Maintain documentation and processes.

United Kingdom
Job Closed