Due Diligence Intel/Cybersecurity Analyst

Position Overview

The Intelligence and Cybersecurity Analyst will function as the team Intelligence and Cyber SME incorporating functionality within Intelligence and Cybersecurity supporting due diligence security team functions. The analyst serves as a critical advisor and liaison within the U.S. Army SBIR/STTR & xTECH program, ensuring the secure development, transition, and integration of innovative technologies. This role is responsible for intelligence investigations and analysis, cybersecurity, IT risk management, security compliance, and stakeholder coordination between Army entities, small business innovators, and external agencies. The SME will facilitate secure collaboration, oversee risk management and cybersecurity compliance, and support the implementation of DoD security frameworks (e.g., NIST, RMF, CMMC, DFARS 252.204-7012) to safeguard Army-funded research and development (R&D) initiatives. The role of the Cybersecurity Analyst encompasses comprehensive support and oversight across various critical areas. These areas include:

• Factor 1: Foreign Talent Recruitment Program – Monitoring and assessing the integration and influence of foreign talent within the organization.
• Factor 2: Foreign Ownership/Control – Evaluating the extent and implications of foreign ownership and control over company operations.
• Factor 3: Foreign Patents, Intellectual Property, and Technology Transfers – Safeguarding the integrity and security of intellectual property and technology exchange.
• Factor 4: Financial Obligations – Analyzing financial commitments to ensure compliance with regulatory and security standards.
• Factor 5: Foreign Affiliations – Investigating and managing affiliations with foreign entities to mitigate security risks.
• Factor 6: Cyber and IT Infrastructure – Strengthening cybersecurity measures and IT systems to protect organizational assets.
• Factor 7: Contracts and Fraud – Ensuring the integrity and security of contractual engagements to prevent fraudulent activities.
• Factor 8: Technology and Critical Program Information – Protecting critical program information and technological assets from unauthorized access and exploitation.

The Intelligence/Cybersecurity Analyst will operate as part of a Due Diligence team and will support the team in conducting both initial and ongoing reviews of companies that receive funding for research under Army SBIR/STTR and xTech programs.

Key Responsibilities

Cybersecurity & IT Risk Management

• Provide expert guidance on cybersecurity best practices, risk mitigation, and secure system architecture for Army SBIR/STTR projects.
• Ensure compliance with DoD cybersecurity policies, including NIST 800-171, CMMC, RMF, and DFARS cybersecurity requirements for small business awardees.
• Assess and mitigate cyber risks associated with small business contractors handling Controlled Unclassified Information (CUI) or classified data.
• CMMC self or 3PAO certification verification.

Security Operations & Compliance Oversight

• Ensure Facility Security Clearance (FCL) and personnel security clearance (PCL) processes are managed in accordance with DoD guidelines.
• Conduct security audits, vulnerability assessments, and risk evaluations for Army SBIR/STTR participants.
• Oversee protection of Critical Program Information (CPI), export-controlled data (ITAR/EAR), and intellectual property (IP) in Army-funded R&D projects.
• Coordinate with Army Counterintelligence (CI), DCSA, and intelligence community stakeholders to identify and mitigate foreign influence threats.

Liaison & Stakeholder Coordination

• Serve as a liaison between the Army, small business innovators, cybersecurity teams, and external security agencies.
• Facilitate secure collaboration between government program managers, acquisition professionals, and small business contractors.
• Represent the Army SBIR/STTR security team at interagency meetings, cybersecurity working groups, and risk management briefings.
• Provide cybersecurity and security training, briefings, and policy guidance to Army personnel and SBIR/STTR participants.

Incident Response & Crisis Management

• Support cyber incident response operations, ensuring Army SBIR/STTR participants adhere to reporting requirements under DFARS 7012 and DoD cyber directives.
• Coordinate with DoD Cyber Crime Center (DC3), Army Cyber Command, and intelligence agencies in response to cyber threats targeting Army-funded technologies.
• Develop and test incident response plans (IRPs), business continuity plans (BCPs), and disaster recovery strategies for Army SBIR/STTR projects.

Required Qualifications

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Security Studies, or a related field.
• 10+ years of experience in intelligence, analysis, cybersecurity, IT security, or related fields within a DoW or federal environments.
• Strong knowledge of DoD cybersecurity frameworks, RMF, NIST 800-171, CMMC, and DFARS cybersecurity requirements.
• Experience with cloud security (AWS, Azure, Google Cloud), Zero Trust Architecture, and secure software development (DevSecOps).
• Familiarity with Facility Security Clearance (FCL), ITAR/EAR compliance, and insider threat mitigation.
• Ability to conduct risk assessments, security audits, and threat analysis.
• Excellent communication skills with experience in liaison roles between military, government, and industry stakeholders.
• DoD Top Secret with SCI eligibility

Preferred Qualifications

• Master’s degree in Cybersecurity, Intelligence, or a related field.
• Certifications: Intelligence Community (IC) certifications, CISSP, CISM, CISA, CEH, Security+, CMMC Assessor, DoD Security Professional Education Development (SPeD).
• Prior experience supporting DoD SBIR/STTR programs, technology transfer, or classified R&D environments.
• Military, intelligence, or federal law enforcement experience with counterintelligence, insider threat programs, and security operations.

Work Environment & Travel

• Position may require on-site work at Army or DoD facilities.
• Some travel may be required for security audits, stakeholder meetings, and program oversight.
• Must be able to obtain and maintain security clearance as required by the position.