Cyber Security Analyst

Job Category: Cyber Security
Job Type: Hybrid
Job Location: Augusta Maine
Compensation: Depends on Experience
W2: W2-Contract Only; Kindly note that applications on a C2C basis will not be considered for this role.

US Work Authorization Requirement:
Candidates must be legally authorized to work in the United States without employer sponsorship. This includes, but is not limited to, U.S. Citizens, Permanent Residents, and other individuals with valid U.S. work authorization.

Job Description: 

The Office of Information Services (OIS) supports the Maine Department of the Secretary of State (SoS) by managing secure, reliable technology services for citizens and businesses across the State of Maine. We are seeking a Senior Cyber Security Analyst to strengthen our information security program and support the implementation of the NIST Cybersecurity Framework (CSF) 2.0 for Moderate impact information systems.

This role works closely with the OIS Information Security Officer and senior IT leadership to assess, document, implement, and monitor security controls, while preparing systems and applications for independent third-party security assessments. The ideal candidate brings deep hands-on security expertise, strong documentation skills, and the ability to collaborate effectively across technical and business teams.

Key Responsibilities

  • Lead and support the implementation of NIST CSF 2.0 across enterprise systems and applications.
  • Assess security controls and document implementation status, risks, and gaps.
  • Develop and maintain core security documentation, including System Security Plans (SSP), Business Impact Analyses (BIA), Contingency Plans, Change Management Plans, and related governance artifacts.
  • Create and manage Plans of Action and Milestones (POA&M) to track remediation efforts and risk mitigation activities.
  • Collaborate with the CIO, Information Security team, system owners, and stakeholders to ensure security controls are properly implemented and monitored.
  • Provide subject matter expertise in risk assessment, technical security controls, SIEM, and XDR solutions.
  • Support audit readiness and preparation for independent security assessments.
  • Mentor junior team members and promote security best practices across the organization.

Required Qualifications

  • Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
  • 7+ years of experience in information security, including senior or lead-level responsibilities.
  • Strong hands-on experience in risk management, security assessments, security architecture, and incident response.
  • Solid understanding of enterprise IT infrastructure and security operations.
  • In-depth knowledge of NIST Cybersecurity Framework (CSF) and/or NIST Risk Management Framework (RMF).
  • Excellent written and verbal communication skills, with the ability to produce high-quality security documentation.
  • Preferred Qualifications
  • Industry certifications such as CISSP, CISM, or CISA
  • Experience supporting government or public-sector environments
  • Familiarity with third-party audits and compliance assessments