Cybersecurity Analyst Job at Marathon TS in Southport

Marathon TS is hiring for a Cybersecurity Analyst in Southport, NC.

Principal Duties and Responsibilities:

• Consult with system owners to review risk assessments for IT and OT systems, identify vulnerabilities, and provide governance-focused recommendations for mitigation strategies in compliance with RMF and NIST standards.
• Review/complete RMF packages to include System Categorizations, Security Plan, and Authorization Packages (A&A, Assess Only).
• Monitor and determine system categorization in accordance with NIST SP 800-59, NIST SP 800-60, FIPS 199, and/or CNSSI 1253 and NSA's BOD (as applicable) in areas of Confidentiality, Integrity, and Availability (CIA) and coordinate approval.
• Integrate cybersecurity and IT initiatives into systems, ensuring compliance with organizational standards and security best practices.
• Manage and execute the full RMF lifecycle for Army and DoD-related systems, including categorization, security controls implementation, risk assessment, and continuous monitoring.
• Work closely with customers and stakeholders to ensure compliance with RMF standards and requirements in accordance with organizational guidelines.
• Advise organization on RMF-related policies and guidance and perform all traditional duties of an ISSO to assist the organization with registering their IT/OT systems in eMASS.
• Provide guidance and mentorship to junior cyber analysts and staff.
• Review and analyze policies with emphasis in IT/OT, ensuring alignment with applicable laws, directives, and regulations while addressing the unique information technology and operational requirements of both environments.
• Support initiatives to integrate Zero Trust, IPv6, and Windows 11 strategies into the Army's Operational Technology and IT environment, ensuring alignment with security objectives.
• Inform the customer of the implementation of ICAM frameworks to ensure secure identity lifecycle management and access control policies across IT and OT systems.
• Leverage ICAM principles to enhance identity governance, multi-factor authentication (MFA), and role-based access for personnel and systems.
• Ensure alignment of ICAM initiatives from Army policies and DoD directives to the OT environment.
• Assist with developing and maintaining security documentation for all systems under the organization' s purview, ensuring all artifacts (e.g., SSPs, POA&Ms, C&A packages) are up-to-date and aligned with the Army's and organizations RMF process.
• Provide clear, concise reports on risk posture to senior leadership.
• Analyze assessments and findings from Cyber Protection Teams (CPTs), Black Start Exercises, and other relevant IT/OT assessments.
• Provide a comprehensive analysis of the "so-what" of these assessments, highlighting key takeaways, risks, and recommendations for improvement.
• Present findings in a clear, concise presentation format to senior leadership, ensuring the leadership team is informed and equipped to make strategic decisions based on these analyses.

Required Experience

• Bachelor's degree (or higher) in Cybersecurity, Information Technology, or a related field. Minimum of 3 related certifications may be used in place of related academic field.
• Minimum of 10-12 years in IT/OT roles, including at least 3-5 years of experience in a senior role with ISSO responsibilities.
• Active Secret Security Clearance required.
• Security + or equivalent certification.

Preferred Qualifications

• Master's degree preferred.
• Demonstrated experience and working knowledge of the Army's IT/OT processes and firsthand knowledge in securing Operational Technology (OT) and Control Systems is highly preferred.
• Understanding of Zero Trust frameworks, including micro-segmentation, identity-based access, and continuous monitoring.
• Deep IT/OT understanding of RMF, NIST 800-53, Zero Trust, and cybersecurity principles.
• Must be able to develop Network Diagrams according to DISA Client Standards.
• Expertise in securing/hardening IT and OT systems, including SCADA, ICS, and industrial control systems, as well as risk management and compliance assessments.
• Advanced knowledge of ICAM, IPv6 implementation and Windows 11 deployment.
• Demonstrated experience in policy development, analysis of laws, directives, and regulations related to IT/OT, particularly in a government or military context.
• Ability to interpret and apply regulations to both IT and OT operational environments.
• Proven ability to lead and manage teams, guide strategic decision-making, and communicate effectively with senior leadership and cross-functional teams.
• In-depth knowledge of Army-specific IT/OT standards, RMF application, and security practices.
• Strong understanding of IT/OT and Information Technology laws, directives, and regulations at the federal and DoD level.
• Ability to analyze and synthesize complex assessments from CPTs, BSEs, and other similar activities, and translate these into actionable insights.
• Exceptional presentation and communication skills, capable of translating technical concepts for senior leadership.
• Strong written and verbal communication skills for technical and non-technical audiences, with experience presenting findings to senior leadership.
• Ability to work independently and as part of a collaborative team environment.
• Analytical thinking with the ability to balance operational and security requirements in both IT and OT environments.
• Exceptional critical thinking skills and an initiative-taking approach to Information Technology threats.
• One or more of the following Certifications:
  • Industry certifications such as CISSP, CISM, or other relevant certifications preferred.
  • Certifications that demonstrate firsthand Information technology knowledge specific to the Army and OT environments are highly desirable, including GIAC Security Essentials (GSEC).

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").