Cyber Compliance Analyst (Subject Matter Expert)

ECS.com

145k - 155k USD/year

Office

Washington, DC, United States

Full Time

ECS is seeking a Cyber Compliance Analyst (Subject Matter Expert) to work in our Washington, DC office.  

Position Summary:
ECS seeks a Cyber Compliance Analyst and Subject Matter Expert to design, implement, and mature enterprise-wide continuous monitoring across a highly federated environment encompassing 400+ information systems. The role combines planning, establishing, and deploying an OA/CONMON Program; monitoring the program system(s); analyzing security data; and enabling enterprise systemic, automated observability and compliance. This position is full time/permanent supporting a U.S. Government civilian agency and is available upon selection of a qualified candidate with the appropriate background clearance.

Position Responsibilities:

  • Analyze, integrate, and operate an enterprise continuous monitoring program spanning 400+ systems, enabling both centralized visibility and domain-level autonomy.
  • Define data ingestion, normalization, and correlation patterns across multi-cloud, on-prem, and containerized workloads; implement resilient pipelines and schemas supporting operational and analytic use cases.
  • Embed monitoring and security controls into CI/CD workflows; codify monitoring configurations via IaC; implement automated testing and policy-as-code for guardrails.
  • Build and maintain dashboards, SLOs/SLIs, and executive reporting for availability, performance, and risk; reduce noise and alert fatigue through tuning and adaptive thresholds.
  • Lead root-cause analysis and post-incident reviews; drive corrective actions and architectural improvements across domains.
  • Establish common policies, standards, metrics, and procedures aligned to NIST SP 800-137, SP 800-53/53A, SP 800-30/-37/-39, and relevant 1800 series practice guides; harmonize with RMF, FedRAMP, and CMMC ConMon expectations.
  • Orchestrate vulnerability management at scale, integrating scanner outputs with CMDB/eGRC for risk-based remediation and POA&M tracking.
  • Partner with architects and engineers to design systemic, automated controls and telemetry paths as the enterprise matures; champion Zero Trust-aligned observability (identity, device, network, application, and data planes).
  • Provide ongoing enablement and training to domain teams; cultivate a community of practice for ConMon across the enterprise.
  • Collaborate with executive stakeholders to translate technical risk into business impact and to sequence investments on an enterprise roadmap.

Salary Range: $145,000 - $155,000

General Description of Benefits

Qualifications:
  • Demonstrated expertise in operating continuous monitoring (ConMon) capabilities at enterprise scale in federated environments (400+ systems).
  • Expert-level knowledge of core ConMon processes and tooling, including data collection, normalization, alerting, correlation, dashboarding, and metrics.
  • Hybrid/multi-cloud experience across AWS, Microsoft Azure, and Google Cloud Platform, including native monitoring services (e.g., Amazon CloudWatch, Azure Monitor).
  • Security & compliance expertise: SIEM correlation and incident response runbooks; hands-on vulnerability management at scale; applied knowledge of RMF, FedRAMP, and CMMC ConMon requirements; alignment with NIST SP 800-137, SP 800-53/53A, and related guidance.
  • Strong stakeholder management, negotiation, and communication skills to drive standardization without eroding domain autonomy.
  • Proven root-cause analysis across layered architectures and proactive engineering to prevent alert fatigue and reduce mean time to detect/respond (MTTD/MTTR).
  • Governance experience in establishing common metrics, policies, and procedures for ConMon across disparate domains; ability to lead through influence.
  • Prior work in highly federated federal environments and complex inter-component data sharing.
  • Direct experience with monitoring and tooling (non-exhaustive):
      • Asset Management: CMDB (asset discovery, incident/change integration, visualization)
      • CDM Data Platform: Elastic
      • General Monitoring/Telemetry: Datadog; next-gen/firewall telemetry ingestion
      • GRC: Archangel (or equivalent eGRC)
      • Network/IDS/IPS Telemetry: Azure Firewall (and related network security services)
      • SIEM: Splunk, SolarWinds Security Event Manager (SEM), Microsoft Sentinel
      • Storage/Lakehouse: Data lakes for security/ops analytics
      • Vulnerability Management: Tenable, Rapid7, Qualys, Wiz
      • XDR/EDR: Microsoft Defender

Certifications/Licenses:

  • Bachelor’s degree in computer science, MIS/IT, Engineering, Information Security/IA, or related field (or equivalent experience).
  • One or more preferred certifications: CISSP, CISM, CISA, CAP, GSEC, Security+, CRISC, CEH, or equivalent.
  • Active Top Secret (TS) clearance (or higher) required.

September 30, 2025
