Security Analyst – ISSO

Lynk

The Security Analyst is responsible for maintaining compliance programs for Lynk's satellite-to-cellular network, leading audits and assessments, and managing security operations related to CUI systems.

Posted 7/1/2026 • full-time • Chevy Chase • Maryland • 🇺🇸 United States • Mid-Level, Senior

Tech Stack

Tools & technologies
  • AWS
  • Cloud
  • Cyber Security

About the role

Key responsibilities & impact
  • Own and maintain the System Security Plan (SSP) and Plan of Action & Milestones (POA&M) for all CUI-scoped systems; always keep documentation audit-ready.
  • Assess all 110 NIST SP 800-171 practices for implementation and effectiveness; map existing controls (Wazuh, ThreatDown, Tenable, ManageEngine, AD GPOs, SnipeIT) to CMMC requirements, identify gaps, and drive remediation.
  • Maintain the organizational risk register; support ongoing Risk Management Framework (RMF) processes and report risk posture to the CISO.
  • Lead preparation for CMMC Level 2 assessments — build evidence packages, coordinate with the C3PAO, and manage assessor requests and findings.
  • Develop and maintain cybersecurity policies, procedures, and standards aligned to CMMC, DFARS, SOC 2, and GDPR; ensure version control and staff acknowledgment records are maintained.
  • Define, track, and report security metrics and KPIs to the CISO and non-technical stakeholders including legal, contracts, and business development teams.
  • Support contract teams with DFARS clause requirements, cybersecurity representations, and customer security questionnaires.
  • Conduct vendor and third-party risk assessments; maintain supplier risk documentation.
  • Manage the security awareness training program and phishing simulations; maintain completion records per CMMC requirements.
  • Monitor SIEM for security events and alerts relevant to CUI systems; write and tune detection rules; triage and escalate incidents; produce post-incident reports with compliance impact assessment. Leverage audit log aggregation to satisfy CMMC AU (Audit & Accountability) control evidence requirements.
  • Monitor EDR alerts for CUI-scoped endpoints; investigate detections and coordinate response with IT.
  • Work with IT to ensure vulnerability findings are remediated within CMMC-required timeframes; track and report on remediation status.
  • Leverage MDM and Active Directory to enforce device compliance, GPO-based security baselines, and access control policies across CUI-scoped endpoints.
  • Use asset inventory as the authoritative hardware/software asset register for CMMC system boundary documentation; keep it current and audit-ready.
  • Conduct periodic access control audits; enforce least-privilege across AD, SSO, and SaaS tooling handling CUI.

Requirements

What you’ll need
  • 3–6 years in cybersecurity with a strong GRC or compliance focus; prior ISSO experience or equivalent accountability preferred.
  • Deep, working knowledge of NIST SP 800-171 and DFARS 7012. Able to assess, gap-analyze, and evidence all 110 controls independently.
  • Demonstrated experience authoring SSPs and POA&Ms for government-facing or regulated environments.
  • Familiarity with the CMMC Level 2 assessment process and C3PAO engagement.
  • Hands-on SIEM experience: writing detection rules, querying logs, and generating compliance-grade audit evidence.
  • Hands-on experience with EDR and vulnerability scanning tools in a compliance context: mapping tool outputs to NIST controls and generating assessor evidence.
  • Working knowledge of SOC 2 Type II and GDPR compliance requirements.
  • Some cloud security fundamentals (AWS preferred): IAM, CloudTrail, GuardDuty, access policies.
  • Clear, structured communicator. Equally comfortable writing formal policy documentation and briefing non-technical executives.
  • US citizenship or Lawful Permanent Resident status.

Benefits

Comp & perks
  • Competitive salary and equity in a company building genuinely novel global infrastructure.
  • Remote-first, US-based role.
  • Direct line to the CISO; your work defines Lynk’s compliance posture at a critical growth stage.
  • A functioning security toolset already in place. Your focus is maturing and aligning it, not standing it up from scratch.
  • Learning and certification budget.

ATS Keywords

Hard Skills & Tools
  • Risk Management Framework (RMF)
  • Plan of Action & Milestones (POA&M)
  • Cybersecurity Policy Development
  • Vulnerability Scanning
  • Detection Rule Writing
  • Access Control Audits
  • Cloud Security Fundamentals
  • Asset Inventory Management
  • Compliance Evidence Generation
  • Third-Party Risk Assessment
Soft Skills
  • Clear Communication
  • Structured Documentation
  • Collaboration with Non-Technical Stakeholders