Cybersecurity Audit & Compliance Analyst

TSC is seeking a Cybersecurity Audit & Compliance Analyst to lead the sustainment and programmatic maturation of enterprise security frameworks. This position is responsible for the management of comprehensive cybersecurity policies and the technical validation of security controls to ensure mission-critical systems remain aligned with federal regulatory mandates. The ideal candidate would be located in the Huntsville, AL, Bloomington, IN or DC metro area with the ability to work on a hybrid basis.

The successful candidate will maintain a state of continuous audit-readiness and serve as a key member of the cybersecurity team, helping ensure TSC meets its compliance and audit objectives across a broad set of enterprise systems and applications. They will also contribute to secure rollout of emerging technologies such as AI tools and capabilities. This role provides a unique opportunity to bridge traditional federal compliance with the future of AI-driven defense operations.

Responsibilities

• Help formalize, implement, and maintain enterprise-level cybersecurity and data handling policies. Lead the review and socialization of security mandates to ensure cross-functional alignment with federal standards.
• Develop and maintain the System Security Plan (SSP), Security Assessment Reports (SAR), and associated artifacts to provide a rigorous, defensible account of the security control environment.  
• Support the execution of formal gap analyses and risk assessments across federal regulatory frameworks. Provide data-driven insights to mitigate vulnerabilities.
• Serve as a technical contributor for external federal audits and third-party assessments. Manage the end-to-end evidence lifecycle, ensuring all technical artifacts are verified, organized, and available for regulatory review.
• Serve as a functional representative within the Incident Response (IR) team to document event timelines and post-incident reporting, ensuring all federal reporting obligations are met.
• Oversee management of audit artifacts to ensure they meet requirements and are readily accessible on demand.
• Design and deliver technical cybersecurity training programs, ensuring that the technical workforce understands their specific roles in maintaining our security authorizations.
• Support the cybersecurity team in the administration of security tools, including Microsoft 365 Security and Purview, to monitor data sensitivity, review audit telemetry, and validate that technical configurations consistently mirror established policy.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Systems, or a related field  plus 2-4 years of experience in GRC, Information Assurance, or Technical Compliance within a federal-regulated environment.
• US Citizenship with the ability to obtain and maintain a US security clearance.
• Demonstrated experience in authoring formal cybersecurity policies, procedural documentation, and System Security Plan (SSP).
• Hands-on experience navigating security portals to pull telemetry and verify control status.
• Deep understanding of federal data protection standards and regulatory frameworks.

Preferred Qualifications

• Experience supporting the implementation or administration of advanced security tools such as Microsoft Defender for Endpoint (Plan 2) or Microsoft Sentinel.
• Relevant industry certifications such as Security+, CySA+, Microsoft SC-200, CISA, CCP, CCA, or CISSP.
• Familiarity with the NIST AI Risk Management Framework or general interest in the security governance of Generative AI.

TSC Benefits:

TSC offers a stable work environment, a competitive salary, and a comprehensive benefit package; including ESOP participation, 401K Plan, Flexible Work Schedules, Tuition Reimbursement, Co-Sponsored Health Plan, Paid Leave, and much more.

Applying to TSC:

Only those candidates invited for an interview will be contacted. Employment at TSC is contingent upon the successful completion of a comprehensive background check, security investigation, and a drug screening.

This contractor and subcontractor shall abide by the requirements of 41 CFR 60–1.4(a), 60–300.5(a) and 60–741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation. Moreover, these regulations require that covered prime contractors and subcontractors take affirmative action to employ and advance in employment individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.