Cybersecurity Analyst, IT Operations at Fors Marsh

WHO WE ARE:

At Fors Marsh, we take on issues that matter. We are a team of researchers, strategists, and communicators working together to drive lasting change. We look at human behavior from all angles with a deep understanding of people and context to design solutions that influence decision-making and move people to action. Our work promotes health and well-being, shapes resilient communities, and builds effective and accountable institutions. We are a certified B Corporation and a Top Workplace for 7 consecutive years.

WHO WE ARE LOOKING FOR:

We are seeking a detail-oriented Cybersecurity Analyst with hands-on experience in enterprise security operations and a strong understanding of federal compliance frameworks such as NIST SP 800-171, NIST SP 800-53, and CMMC. The ideal candidate has experience securing primarily Windows-based environments, with some exposure to Linux systems, managing vulnerabilities, and responding to security incidents, while also demonstrating a solid grasp of data classification and the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI). This individual should be comfortable working in regulated environments where sensitive data is restricted to secure systems, supporting audits, maintaining compliance documentation, and collaborating across IT and business teams. Strong analytical skills, clear communication, and a proactive, accountable approach to safeguarding sensitive data are essential for success in this role.

Responsibilities include:
• Support the implementation, monitoring, and enforcement of security controls aligned with NIST SP 800-171, NIST SP 800-53, and CMMC Level 2 requirements
• Monitor security events and alerts across enterprise systems (e.g., SIEM, endpoint detection, network devices) and perform incident triage, investigation, and response
• Assist in maintaining and securing Windows-based enterprise environments, including Active Directory, servers, and endpoints
• Conduct vulnerability scanning and remediation tracking, including prioritization of findings based on risk and compliance impact
• Support the protection, processing, and storage of Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) in accordance with company policy and contractual requirements
• Support and enforce organizational data classification policies, including identification, labeling, and handling of FCI, CUI, and other sensitive data types
• Ensure appropriate access controls, data handling procedures, and system protections are applied based on data classification levels
• Collaborate with IT and business teams to ensure systems and workflows properly segregate and protect sensitive data in secure environments
• Assist in monitoring and validating that CUI is restricted to authorized systems and not stored on end-user devices outside approved environments
• Participate in internal and external security assessments (e.g., CMMC, IRS Pub 4812, RMF, and client audits) by gathering evidence and supporting control validation
• Maintain documentation for security controls, system configurations, and procedures to ensure audit readiness
• Assist in mapping technical controls and remediation efforts to applicable compliance frameworks
• Work closely with IT operations, system administrators, and leadership to address security risks and operational issues
• Communicate security risks and recommendations clearly to both technical and non-technical stakeholders
• Promote user awareness of data handling expectations, including proper treatment of FCI and CUI in daily operations

Qualifications:

• Bachelor's degree from an accredited college or university in Cybersecurity, Information Technology, Computer Science, Information Systems, Engineering, or a related field
• Relevant industry certifications such as Security+, CISSP, CISM, GSEC, CySA+, CEH, .
• Minimum of 7 years of progressively responsible experience in cybersecurity, information security, systems administration, network security, risk management, or a related IT discipline. Experience supporting security operations, incident response, vulnerability management, compliance, or security engineering in an enterprise environment.
• Experience implementing or supporting security requirements aligned with frameworks such as CMMC, NIST 800-53, NIST 800-171 and Cybersecurity Framework (CSF), ISO 27001, CIS Controls, or similar standards..
• Experience with security technologies such as SIEM platforms, endpoint detection and response (EDR), vulnerability scanning tools, identity and access management solutions, firewalls, and multifactor authentication technologies. Experience analyzing security logs, alerts, and incidents using tools with Nessus, Tenable or similar solutions
• Ability to work on occasion in the Arlington, VA area.
• Applicants will be subject to a government security investigation and must meet eligibility criteria for access to sensitive information.
• Must be a U.S. Citizen and consent to a full background check due to our federal contract requirements.

We Offer:

Our benefits typically meet or exceed our competitors’ packages. What’s in it for you?

• Ability to make an impact on people’s lives, both internal and external to the organization.

• Top-tier health, dental, vision, and long and short-term disability coverage.

• Our company culture, which values balance and allows each employee to take leave as they require it to balance the responsibilities of both their work and home lives without worrying about depleting their available leave hours.

• A floating holiday bank so you can celebrate the days you value.

• Generous matching retirement contributions and no vesting period starting the third month of employment.

• Dedicated training and development budgets to expand your expertise and grow your skillset.

• You can volunteer your way with paid time off.

• You can participate in Fors Marsh staff-led affinity groups.

• Our employees receive product and service discounts through the certified B Corp network.

Salary: $110,000-$125,000

Internal Fors Marsh Career Map Title: Cybersecurity Analyst III

Location: Remote, within the U.S. Occasional travel required.

Equal Opportunity Employer: All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.