ECS Limited

Cyber Compliance Analyst (Subject Matter Expert)

ECS Limited, Washington, District of Columbia, US, 20022


ECS is seeking a Cyber Compliance Analyst (Subject Matter Expert) to work in our Washington, DC office.

Position Summary: ECS seeks a Cyber Compliance Analyst and Subject Matter Expert to design, implement, and mature enterprise-wide continuous monitoring across a highly federated environment encompassing 400+ information systems. The role combines planning, establishing, and deploying an OA/CONMON Program; monitoring the program system(s); analyzing security data; and enabling enterprise systemic, automated observability and compliance. This position is full time/permanent supporting a U.S. Government civilian agency and is available upon selection of a qualified candidate with the appropriate background clearance.

Position Responsibilities:

Analyze, integrate, and operate an enterprise continuous monitoring program spanning 400+ systems, enabling both centralized visibility and domain-level autonomy.

Define data ingestion, normalization, and correlation patterns across multi-cloud, on-prem, and containerized workloads; implement resilient pipelines and schemas supporting operational and analytic use cases.

Embed monitoring and security controls into CI/CD workflows; codify monitoring configurations via IaC; implement automated testing and policy-as-code for guardrails.

Build and maintain dashboards, SLOs/SLIs, and executive reporting for availability, performance, and risk; reduce noise and alert fatigue through tuning and adaptive thresholds.

Lead root-cause analysis and post-incident reviews; drive corrective actions and architectural improvements across domains.

Establish common policies, standards, metrics, and procedures aligned to NIST SP 800-137, SP 800-53/53A, SP 800-30/-37/-39, and relevant 1800 series practice guides; harmonize with RMF, FedRAMP, and CMMC ConMon expectations.

Orchestrate vulnerability management at scale, integrating scanner outputs with CMDB/eGRC for risk-based remediation and POA&M tracking.

Partner with architects and engineers to design systemic, automated controls and telemetry paths as the enterprise matures; champion Zero Trust-aligned observability (identity, device, network, application, and data planes).

Provide ongoing enablement and training to domain teams; cultivate a community of practice for ConMon across the enterprise.

Collaborate with executive stakeholders to translate technical risk into business impact and to sequence investments on an enterprise roadmap.

Salary Range: $145,000 - $155,000

General Description of Benefits

Demonstrated expertise in operating continuous monitoring (ConMon) capabilities at enterprise scale in federated environments (400+ systems).

Expert-level knowledge of core ConMon processes and tooling, including data collection, normalization, alerting, correlation, dashboarding, and metrics.

Hybrid/multi-cloud proficiency across AWS, Microsoft Azure, and Google Cloud Platform, including native monitoring services (e.g., Amazon CloudWatch, Azure Monitor).

Security and compliance expertise: SIEM correlation and incident response runbooks; hands-on vulnerability management at scale; applied knowledge of RMF, FedRAMP, and CMMC ConMon requirements; alignment with NIST SP 800-137, SP 800-53/53A, and related guidance.

Strong stakeholder management, negotiation, and communication skills to drive standardization without eroding domain autonomy.

Proven root-cause analysis across layered architectures and proactive engineering to prevent alert fatigue and reduce mean time to detect/respond (MTTD/MTTR).

Governance experience in establishing common metrics, policies, and procedures for ConMon across disparate domains; ability to lead through influence.

Prior work in highly federated federal environments and complex inter-component data sharing.

Direct Experience with Monitoring & Tooling (non-exhaustive):

Asset Management: CMDB (asset discovery, incident/change integration, visualization)

CDM Data Platform: Elastic

General Monitoring/Telemetry: Datadog; next-gen/firewall telemetry ingestion

GRC: Archangel (or equivalent eGRC)

Network/IDS/IPS Telemetry: Azure Firewall (and related network security services)

SIEM: Splunk, SolarWinds Security Event Manager (SEM), Microsoft Sentinel

Storage/Lakehouse: Data lakes for security/ops analytics

Vulnerability Management: Tenable, Rapid7, Qualys, Wiz

XDR/EDR: Microsoft Defender

Certifications/Licenses:

Bachelor's degree in computer science, MIS/IT, Engineering, Information Security/IA, or related field (or equivalent experience). One or more preferred certifications: CISSP, CISM, CISA, CAP, GSEC, Security+, CRISC, CEH, or equivalent. Active Top Secret (TS) clearance (or higher) required.