IT Security Analyst

ABOUT AGS

AGS Managed IT is a Cyber AB Approved Organization helping defense contractors and other regulated businesses get — and stay — compliant. We do the technical work well and we explain it in plain English. No jargon. No arrogance. Just a team genuinely invested in our clients' outcomes — and in each other.

THE ROLE

Our IT Security Analyst is the person who actually deploys, runs, and looks after the security tools protecting our clients' regulated environments. Most of our clients are defense contractors working under CMMC requirements, so this role lives at the intersection of hands-on technical work and real, audit-ready compliance. If you like enterprise security platforms, care about getting compliance right (not just on paper), and can hold your own in a customer conversation without slipping into jargon — you'll fit right in.

WHAT YOU'LL DO

Run the security tools that keep clients protected

• Install, configure, and tune SIEM, EDR/XDR, vulnerability scanners, log management, and DLP platforms in CMMC-regulated environments.

• Maintain those platforms in line with each client's approved System Security Plan (SSP), monitor health, manage rule sets, and sharpen detection logic.

• Push updates, patches, and configuration changes through formal change management — no cowboy stuff.

Make sure compliance actually holds up

• Align every tool and configuration with CMMC Level 1/2 requirements and the underlying NIST SP 800-171 controls.

• Help build and maintain SSPs, POA&Ms, and the supporting compliance artifacts; produce evidence and documentation for assessments.

• Coordinate with C3PAOs during assessment activities when called on.

Watch for trouble — and respond when it shows up

• Monitor security events for indicators of compromise, suspicious behavior, and policy violations across client environments.

• Triage, investigate, and escalate incidents per documented response plans; dig into endpoint, network, and application logs to support investigations.

• Contribute to post-incident reviews and lessons-learned write-ups so we keep getting better.

Stay ahead of vulnerabilities & be a real partner

• Run scheduled vulnerability scans, prioritize against CMMC requirements, and track remediation through to closure.

• Serve as a technical point of contact for client IT and security teams; translate complex requirements into clear, actionable guidance.

• Write the runbooks, procedures, and reports your future self (and the rest of the team) will thank you for.

WHAT WE'RE LOOKING FOR

Required

• 3+ years in information security, security operations, or IT infrastructure with a security focus. Bachelor's in IT, Cybersecurity, CS, or related field — or equivalent professional experience. We genuinely mean the "or."

• Hands-on deployment experience with at least two of: SIEM, EDR/XDR, vulnerability management, network monitoring, or DLP.

• Working knowledge of NIST SP 800-171 and CMMC Level 1/2 — and what implementing them actually looks like.

• Solid Windows Server, Active Directory, and enterprise networking fundamentals (TCP/IP, DNS, VPN, firewalls); clear understanding of CUI handling; strong written communication.

Nice to have

• Active certification (Security+, CySA+, CISSP, CEH, or equivalent); experience supporting CMMC or NIST 800-171 assessments.

• Scripting (PowerShell, Python, Bash); GCC High or Azure Government experience; familiarity with GRC tooling (Exostar, CYBR, Empower AI); DFARS 252.204-7012 knowledge; prior DIB or federal contracting work.

WHAT SUCCESS LOOKS LIKE

In your first year, you're keeping deployed security platforms healthy and well-tuned, triaging critical alerts within an hour, and remediating critical vulnerabilities within 15 days. SSPs and POA&Ms stay current, evidence is ready when assessors ask, and zero unmitigated CMMC L1/L2 control gaps sit in your assigned environments. The role works from our Madison Heights office with periodic on-site client visits (some access-controlled), occasional lifting up to 25 lbs. during deployments, and on-call rotation for incidents outside normal hours.