Futrend Technology Inc. is seeking an IT Cloud Security Analyst to join our security compliance team. In this role, you will work closely with the customer’s Information Systems Security Officer (ISSO) and play a critical part in safeguarding NLM’s IT infrastructure. The role focuses on implementing security controls, ensuring compliance with federal cybersecurity framework and support secure cloud adoption across multiple platforms. The analyst works closely with end point owners, infrastructure and network security teams, and with enterprise security teams to meet NIH mandates. You will be part of a broader IT program that provides end-to-end support-including help desk, systems, network, incident response and security services-ensuring the availability, integrity, and confidentiality of mission-critical systems. This position is based in Bethesda, MD and requires onsite presence 3 to 5 days/week. Responsibilities

• Implement security controls, and ensure compliant cloud environments on AWS, GCP, or Azure adhering to FISMA, NIH policy, and federal security requirements
• Recommend, design and support Cloud security services and control implementation including Identity Access, Privileged access, Vulnerability management, Configuration compliance, encryption, and centralized security log management
• Monitor cloud environments for security events, anomalies, and configuration drift using SIEM (e.g., Splunk), conduct vulnerabilities assessments, track remediation and maintain dashboards with measurable metrics to report overall security posture
• Integrate and optimize enterprise security solutions such as Splunk, Tenable and other data sources to enhance continuous monitoring, event correlation, and compliance visibility across NLM’s hybrid environment
• Investigate and respond to security incidents and alerts, perform root-cause analysis and proper remediation actions and reporting per NIH’s established incident response plan
• Conduct threat modeling and security assessments of cloud deployments to identify and mitigate vulnerabilities, develop security requirements and provide guidance for applications migrating from on-prem implementations to the cloud environment
• Enhance and automate security and compliance checks using a combination of available tools and scripting; evaluate emerging platforms (like AI-based capabilities) to improve coverage, visibility, and operational efficiency
• Provide security guidance, best practices, and compliance support to developers, operations teams, system owners and other stakeholders, promoting security awareness

Required Qualifications

• Proven experience securing cloud environments (AWS, GCP or AZURE), preferably within FISMA compliance frameworks
• Strong working knowledge of AWS, GCP or Azure cloud security, including logging, tagging strategies, ephemeral resource tracking, and cross-platform operations
• In-depth knowledge and demonstrated experience of applying federal compliance frameworks including FISMA, NIST 800-53, FedRAMP, RMF, NIH policy and supporting system authorization processes (ATO, POA&M) and policies to information systems
• Hands-on work experience with automation, security event correlation, asset inventory tracking and SEIM management (preferably in SPLUNK), utilizing scripting or programming such as PowerShell, Bash, Python or equivalent and use of APIs
• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or a related field (or equivalent practical experience in Cloud security)
• 5+ years of experience in information security, with at least 3 years focused on cloud security, administration of Linux and Windows endpoints, strong understanding of network and firewall operations
• Strong written and verbal communication skills, with the ability to produce clear security documentation and effectively communicate technical concepts to technical and non-technical stakeholders
• Experience working in regulated federal environments with complex governance and compliance requirements; collaborating and guiding multi-disciplinary teams managing servers, workstations, network appliances, security appliances
• Certifications: CISSP (or ability to obtain within 6 months)

Desired Qualifications

• AWS/GCP/Azure Certified - Specialty certifications
• Advanced Linux and Windows administration experience
• Experience with container security (like Docker & Kubernetes)

PI988200d3d24a-4435