Cyber Security Analyst

Job Category

Cyber Security

Onsite

Augusta Maine

Depends on Experience

W2-Contract Only. Applications on a C2C basis will not be considered.

GC, GC-EAD, H4 EAD, L2S, U.S. Citizen (USC)

This position is open only to candidates authorized to work in the United States under the following visa categories: H4-EAD, Green Card Holder, GC-EAD, U.S. Citizen, L2s, L2-EAD, or J2-EAD. No other visa types are eligible for this role.

The Office of Information Services (OIS) supports the Maine Department of the Secretary of State (SoS) by managing secure, reliable technology services for citizens and businesses across the State of Maine. We are seeking a Senior Cyber Security Analyst to strengthen our information security program and support the implementation of the NIST Cybersecurity Framework (CSF) 2.0 for Moderate impact information systems.

This role works closely with the OIS Information Security Officer and senior IT leadership to assess, document, implement, and monitor security controls, while preparing systems and applications for independent third‑party security assessments. The ideal candidate brings deep hands‑on security expertise, strong documentation skills, and the ability to collaborate effectively across technical and business teams.

• Lead and support the implementation of NIST CSF 2.0 across enterprise systems and applications.
• Assess security controls and document implementation status, risks, and gaps.
• Develop and maintain core security documentation, including System Security Plans (SSP), Business Impact Analyses (BIA), Contingency Plans, Change Management Plans, and related governance artifacts.
• Create and manage Plans of Action and Milestones (POA&M) to track remediation efforts and risk mitigation activities.
• Collaborate with the CIO, Information Security team, system owners, and stakeholders to ensure security controls are properly implemented and monitored.
• Provide subject matter expertise in risk assessment, technical security controls, SIEM, and XDR solutions.
• Support audit readiness and preparation for independent security assessments.
• Mentor junior team members and promote security best practices across the organization.

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience).
• 10+ years of experience in information security, including senior or lead-level responsibilities.
• Strong hands‑on experience in risk management, security assessments, security architecture, and incident response.
• Solid understanding of enterprise IT infrastructure and security operations.
• In‑depth knowledge of NIST Cybersecurity Framework (CSF) and/or NIST Risk Management Framework (RMF).
• Excellent written and verbal communication skills, with the ability to produce high-quality security documentation.

• Industry certifications such as CISSP, CISM, or CISA
• Experience supporting government or public‑sector environments
• Familiarity with third-party audits and compliance assessments