Job Requirements
Remote
Public Trust Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
Security & Compliance Analyst
Edera L3C is a fast-growing healthcare consultancy that addresses today's issues and helps create tomorrow's solutions by connecting the brightest minds in healthcare. Our team of management, technology, and creative services consultants works collaboratively with industry experts who bring deep experience and expertise to create transformational business solutions. We believe complex challenges and multi-faceted opportunities call for multi-disciplinary approaches, and that's how we work. We bring industry best practices from the private sector to government and from government to the private sector to transform healthcare. Edera is an L3C (a variation of a limited liability company), a social enterprise venture that places "purpose before profit." This means we are focused on a socially beneficial mission to transform organizations rather than being driven to maximize income. Profits beyond our business sustainability goals are reinvested into communities or clients.
We are seeking a Security & Compliance Analyst to support the organization's compliance with CMMC Level 2 requirements. This role focuses on documentation accuracy, monitoring, evidence collection, and ongoing improvement of cybersecurity processes. Remote work options are available.
Employment Details
This position offers flexible engagement options and may be structured as a full-time, part-time, contract, or 1099 role depending on candidate availability and project needs. The role is fully remote and carries no supervisory responsibilities. The position reports directly to the Director of Technology.
Compensation will be determined based on experience, employment status, and market analysis.
Responsibilities:
- Maintain the Compliance Management System (CMS), including evidence, policies, control mappings, and quarterly updates.
- Support updates to the System Security Plan (SSP), ensuring descriptions of boundaries, inherited controls, and implementations match actual system configurations.
- Update and track POA&M items and maintain Customer Responsibility Matrices (CRMs).
- Perform weekly device compliance checks and monthly vulnerability reports; track endpoint remediation activities.
- Review Azure AD sign-in logs, Microsoft Sentinel analytics rules, and Microsoft Defender alerts for accuracy and anomalies.
- Maintain audit logging evidence, retention documentation, and quarterly security posture summaries.
- Support identity and access management by validating MFA enforcement, privileged account inventories, and least privilege access reviews.
- Maintain hardware/software inventories, configuration baselines, and documentation of authorized changes.
- Track personnel security requirements including training, policy acknowledgment, CUI/Insider Threat training, and background check evidence.
- Support Incident Response Plan updates, incident documentation, and annual tabletop exercise execution.
- Conduct vulnerability scans, track remediation timelines, and support quarterly risk assessments.
- Validate boundary protections, encryption controls, removable media restrictions, and other system safeguards.
- Maintain malware protection settings, monitor federal security advisories, and track flaw remediation timelines.
- Prepare evidence packets and maintain readiness for CMMC Level 2 assessments.
Required Knowledge and Skills:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or equivalent experience
- Understanding of CMMC, NIST 800-171, DFARS, and general cybersecurity principles
- Experience with Microsoft 365 security tools (Azure AD, Microsoft Defender, SIEM/Sentinel)
- Strong analytical, documentation, and communication skills
- Ability to work independently in a remote or hybrid environment
Preferred Qualifications
- Security+, SSCP, or similar foundational certifications
- Experience supporting audits, assessments, or cybersecurity governance activities
All applicants must be US citizens and able to obtain a Public Trust clearance. Edera participates in the E-Verify program. Edera is a drug-free workplace.
Edera is an Equal Opportunity and Affirmative Action Employer. Edera prohibits discrimination against individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other category protected by law. Edera takes affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
Desirable (Not Required) Skills/Experience
- PMP or SAFe certification
- Prior military or DHA experience