Cybersecurity Analyst
Description:
Job Description
Description:
Bizzell US is hiring two (2) experienced Cybersecurity Analysts to provide proactive monitoring, threat detection, vulnerability management, and incident response across FOH’s enterprise IT environment. These analysts will also support Plan of Action and Milestone (POA&M) development, tracking, and reporting in accordance with FISMA, NIST, and HHS security policies.
The ideal candidate has a strong foundation in risk-based cybersecurity operations within federal civilian agencies and experience coordinating with oversight entities like HHS OCIO.
Key Responsibilities
Threat & Vulnerability Management
Monitor FOH systems for vulnerabilities, threats, and anomalies using tools like Nessus, Tenable, or equivalent.
Perform patch management validation and recommend remediation strategies to maintain system hardening.
Incident Response
Lead or assist in cyber incident investigations, triage, and mitigation.
Collect forensic evidence, perform log analysis, and coordinate with HHS OCIO and ISSO on breach response activities.
Compliance & POA&M Management
Track and manage all identified security weaknesses through the POA&M lifecycle.
Ensure timely remediation of vulnerabilities based on severity:
Critical – 15 days
High – 30 days
Medium – 90 days
Low – 365 days
Coordinate input for ATO renewals, security assessments, and annual control testing.
Security Operations
Support continuous monitoring, endpoint protection, audit log review, and access control enforcement.
Collaborate with IT support, system admins, and application developers to implement security controls and mitigate risks.
Maintain compliance with FISMA, NIST 800-53, HHS Policy for IT Security, and FedRAMP where applicable.
Reporting & Documentation
Prepare reports for the COR, ISSM/ISSO, and internal stakeholders on current threats, vulnerabilities, and remediation progress.
Respond to HHS data calls, audits, and formal security documentation requests.
Requirements:
Required Qualifications
Bachelor’s degree in Cybersecurity, Information Systems, or related field.
3+ years of hands-on cybersecurity experience in a federal or regulated environment.
Strong understanding of NIST 800-53, POA&M workflows, and federal incident response playbooks.
Familiarity with vulnerability management tools, SIEM platforms, and audit logging procedures.
Preferred Qualifications
Active certification such as Security+, CEH, CISSP, GSEC, or CAP.
Prior experience supporting HHS or other federal health agencies.
Experience using ServiceNow, Archer GRC, or similar platforms for POA&M tracking and remediation.
Work Environment
Hybrid with core hours between 7 AM – 6 PM EST; may require availability for after-hours incident response.
Some on-site presence at Rockville, MD may be required for briefings, audits, or system reviews.
Full-time