Cybersecurity Analyst
Youth Enrichment Services
Date: 2 weeks ago
City: Rockville, Maryland
Contract type: Full time
Description
Bizzell US is hiring two (2) experienced Cybersecurity Analysts to provide proactive monitoring, threat detection, vulnerability management, and incident response across FOH’s enterprise IT environment. These analysts will also support Plan of Action and Milestone (POA&M) development, tracking, and reporting in accordance with FISMA, NIST, and HHS security policies.
The ideal candidate has a strong foundation in risk-based cybersecurity operations within federal civilian agencies and experience coordinating with oversight entities like HHS OCIO.
Key Responsibilities
Threat & Vulnerability Management
Required Qualifications
Bizzell US is hiring two (2) experienced Cybersecurity Analysts to provide proactive monitoring, threat detection, vulnerability management, and incident response across FOH’s enterprise IT environment. These analysts will also support Plan of Action and Milestone (POA&M) development, tracking, and reporting in accordance with FISMA, NIST, and HHS security policies.
The ideal candidate has a strong foundation in risk-based cybersecurity operations within federal civilian agencies and experience coordinating with oversight entities like HHS OCIO.
Key Responsibilities
Threat & Vulnerability Management
- Monitor FOH systems for vulnerabilities, threats, and anomalies using tools like Nessus, Tenable, or equivalent.
- Perform patch management validation and recommend remediation strategies to maintain system hardening.
- Lead or assist in cyber incident investigations, triage, and mitigation.
- Collect forensic evidence, perform log analysis, and coordinate with HHS OCIO and ISSO on breach response activities.
- Track and manage all identified security weaknesses through the POA&M lifecycle.
- Ensure timely remediation of vulnerabilities based on severity:
- Critical – 15 days
- High – 30 days
- Medium – 90 days
- Low – 365 days
- Coordinate input for ATO renewals, security assessments, and annual control testing.
- Support continuous monitoring, endpoint protection, audit log review, and access control enforcement.
- Collaborate with IT support, system admins, and application developers to implement security controls and mitigate risks.
- Maintain compliance with FISMA, NIST 800-53, HHS Policy for IT Security, and FedRAMP where applicable.
- Prepare reports for the COR, ISSM/ISSO, and internal stakeholders on current threats, vulnerabilities, and remediation progress.
- Respond to HHS data calls, audits, and formal security documentation requests.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Systems, or related field.
- 3+ years of hands-on cybersecurity experience in a federal or regulated environment.
- Strong understanding of NIST 800-53, POA&M workflows, and federal incident response playbooks.
- Familiarity with vulnerability management tools, SIEM platforms, and audit logging procedures.
- Active certification such as Security+, CEH, CISSP, GSEC, or CAP.
- Prior experience supporting HHS or other federal health agencies.
- Experience using ServiceNow, Archer GRC, or similar platforms for POA&M tracking and remediation.
- Hybrid with core hours between 7 AM – 6 PM EST; may require availability for after-hours incident response.
- Some on-site presence at Rockville, MD may be required for briefings, audits, or system reviews.
See more jobs in Rockville, MD