Cybersecurity Analyst assisting in the review and implementation of cybersecurity initiatives across a large environment at Kemper. Responding to cyber threats and improving processes and technologies.
About the role
- Cybersecurity Analyst leading CMMC compliance efforts for GM Defense and U.S. Government programs. Collaborating with multiple teams to ensure adherence to cybersecurity standards.
Responsibilities
- Drive the overall governance for government programs.
- Execute annual self-assessments (Continuous Monitoring) on CMMC/NIST controls and document findings.
- Coordinate internal teams (IAM, cloud, infrastructure, SOC, endpoint, vulnerability management, application owners) to validate control implementation and operational effectiveness.
- Identify compliance gaps, manage security exceptions (POA&Ms), and drive remediation prior to audit or customer assessments.
- Lead CMMC readiness and sustainment activities for GM Defense programs, aligned to NIST SP 800‑171 and DoD expectations for CUI protection.
- Build and maintain assessment‑ready evidence packages (policies, procedures, configurations, logs, tickets, reports) aligned to CMMC and DFARS requirements.
Requirements
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or equivalent practical experience.
- 5+ years of cybersecurity experience in regulated or government‑contract environments.
- Experience supporting federally regulated cybersecurity requirements.
- Experience preparing for third‑party or government assessments.
- Ability to translate and communicate DoD cybersecurity requirements for application teams.
- Knowledge in the following areas: Identity & Access Management (IAM): RBAC, least privilege, privileged access workflows, MFA, service accounts, access reviews, joiner/mover/leaver processes.
- Windows & Linux security: GPO/Intune or equivalent, local admin controls, secure baselines (e.g., CIS-aligned), logging configuration, patch management, hardening validation.
- Network security: segmentation concepts, firewall rulesets, VPN/ZTNA, secure remote administration, network device logging, NAC fundamentals, DNS security basics.
- Endpoint security: EDR capabilities, alert triage/validation, policy enforcement, device encryption, removable media controls.
- Vulnerability management: scan coverage, risk-based prioritization, remediation workflows, exception handling, validation reporting.
- SIEM/logging: ability to define log requirements, validate ingestion/retention, produce audit-ready log evidence, and explain detections and response workflows.
- Practical experience with the following: Working knowledge of FAR and DFARS cybersecurity clauses, including contractor responsibilities for safeguarding CUI and incident reporting.
- Understanding of government system authorization concepts, shared responsibility models, and secure enclave design.
- Experience supporting cybersecurity requirements within defense programs, manufacturing, engineering, or supply‑chain environments.
- Experience with secure enclave design, CUI boundary segmentation, or regulated environments in automotive/manufacturing/supply chain contexts.
Benefits
- From day one, we're looking out for your well-being–at work and at home–so you can focus on realizing your ambitions.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Information Security Analyst managing Information Security Management System at BMLL Technology. Supporting compliance with ISO 27001 and enhancing security measures.
Graduate Cyber Security Analyst at McKesson participating in a 24 - month Cyber Academy program. Monitor security alerts and contribute to incident response efforts while gaining mentorship.
Threat Intelligence Analyst role analyzing cyber threats and providing strategic recommendations. Working with cybersecurity teams at PwC Canada to safeguard client data and systems.
Contract Security Analyst specializing in security operations and incident response for cloud security at Embark. Focus on alert handling, detection engineering, and data loss prevention.
Cyber Security Analyst providing security operations support for USAF Cloud One project. Engaging in incident response and cybersecurity compliance activities within a hybrid environment.
Cybersecurity Analyst responsible for monitoring, analyzing, and responding to security incidents in SOC. Developing detection rules and conducting threat - hunting campaigns within a hybrid work setup.
Information Security Analyst working with Optasia to enforce security controls and protect data. Collaborating on technical projects and auditing systems in a hybrid work environment.
Cyber Security Analyst investigating and responding to security events at A+E Global Media. Collaborating cross - functionally to improve detection and response processes.
Information Security Analyst handling security monitoring and incident response tasks for educational technology company. Collaborating with IT teams to enhance security measures and compliance.