Role Description

cFocus Software seeks a Security Operations / Firewall Analyst to join our program supporting the National Institutes of Health (NIH). This position is remote and requires a Public Trust clearance.

• Monitor cybersecurity tools and alerts to detect and respond to potential security incidents.
• Support Security Operations Center (SOC) activities including threat monitoring and alert analysis.
• Assist with firewall configuration, rule management, and network segmentation enforcement.
• Analyze system and network logs to identify suspicious or unauthorized activities.
• Coordinate with cybersecurity teams to respond to incidents and mitigate vulnerabilities.
• Monitor SIEM platforms, IDS/IPS systems, endpoint protection tools, and other security monitoring systems.
• Investigate security alerts and escalate incidents based on severity and impact.
• Perform analysis of network traffic and endpoint telemetry to identify indicators of compromise.
• Track and document incident investigations and response activities.
• Provide operational monitoring support during high-volume security events or incidents.
• Manage firewall rules to enforce least privilege and default-deny access policies.
• Support configuration management and change control processes for firewall rule updates.
• Conduct routine firewall rule reviews to identify obsolete or unnecessary access rules.
• Validate firewall configurations and ensure compliance with HHS and NIH security standards.
• Support network segmentation and security zone management to protect sensitive systems.
• Validate and monitor logs generated by network and security devices.
• Ensure logging configurations comply with federal cybersecurity guidance including OMB M-21-31.
• Analyze log data to identify anomalies, policy violations, or indicators of malicious activity.
• Assist with cybersecurity compliance activities and audit preparation.

Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
• Minimum 3–5 years of experience supporting security operations, network security monitoring, or firewall administration.
• Experience with SIEM platforms and cybersecurity monitoring tools.
• Familiarity with IDS/IPS systems, endpoint security solutions, and network security technologies.
• Experience supporting firewall administration and rule management.
• Understanding of federal cybersecurity frameworks such as NIST RMF and FISMA.
• Strong analytical, troubleshooting, and documentation skills.