Cybersecurity Research Analyst (Federal Focus)

Job Description

Job Description

About Merlin Group

Merlin Group operates at the intersection of cyber innovation, national security, and technology-driven transformation. With a mission to accelerate the adoption of high-impact technologies across the U.S. public sector and regulated commercial markets, Merlin is uniquely structured around three core tenets – Invest, Enable, and Scale – each designed to address a specific stage of the technology lifecycle. Together, our affiliates – Merlin Ventures, CGC, and Merlin Cyber – form a flywheel that builds enduring capability for customers, partners, and the broader cyber ecosystem, operationalizing technological advancement into mission-ready, enterprise-grade solutions.

At Merlin, we believe our strength lies in our people. Team members are encouraged to be creative, collaborative, and nimble, pursuing paths to deliver the cutting-edge cybersecurity solutions that our customers rely on. From next-generation cyber defense to secure cloud and AI, we are united by one purpose – transforming innovation into mission impact.

The Opportunity

Merlin is seeking a federally focused Cybersecurity Research Analyst to lead the development of in-depth, decision-grade market and technical analyses for ISVs/OEMs and the broader cybersecurity market. As part of the Merlin team, you will inform our tech-scouting capability, support business decisions, and deliver valuable insights for Merlin and the ISV/OEM ecosystem. This role combines broad knowledge of the cybersecurity market with practical IT/cybersecurity experience and a strong grasp of U.S. federal IT/cybersecurity requirements, frameworks, solution design patterns, architectures, and programs. You will drive a repeatable analysis practice and deliver concise, visual, and comprehensive reports and briefings that accelerate informed and effective decision-making. You will be responsible for managing and evolving the company’s information library related to the cybersecurity capabilities deployed across U.S. Federal Civilian and DoD – what tools are used at a Department/Agency, how tools are licensed, capability gaps, existing and emerging technologies to fill those gaps, and where modernization and optimization opportunities exist.

Primary Duties & Responsibilities

Lead Market & Technical Analysis (Primary)

• Lead and mature the technical analysis capability for Merlin – scoping and producing decision-grade market and technical evaluation reports for ISVs/OEMs and market segments relevant to Merlin.
• Produce landscape overviews (missions, buyers, segments), competitive positioning, product and architecture deep dives, integration/interop patterns, pricing/licensing, and federal suitability assessments.
• Map capabilities to federal frameworks and guidance (e.g., NIST RMF/800-53/171/172, FedRAMP, FIPS 140-3, TIC 3.0, EO 14028, Zero Trust strategies) and to mission outcomes across civilian and DoD/IC environments.
• Drive clear recommendations (go/no-go, due diligence focus areas, proof points) with supporting evidence and measurable evaluation criteria.

Information Library Management (Federal Deployments)

• Develop and evolve Merlin’s authoritative information library on cybersecurity capabilities deployed across U.S. Federal Civilian and DoD: by department/agency, sub-agency, and major program.
• Catalog which tools/technologies are used where (product/version, hosting model, ATO status, deployment patterns, interdependencies) and relevant contract/program context.
• Track licensing constructs and utilization (price tiers, ELA/true-up patterns, GovCloud vs. commercial differentials) to surface optimization and modernization opportunities.
• Identify capability gaps by mission area and zero-trust pillar; map existing solutions and emerging technologies to address those gaps, including migration and integration considerations.
• Publish dashboards and periodic briefs on adoption trends, cost/usage insights, technical overlaps, consolidation/rationalization opportunities, and modernization roadmaps.
• Establish data governance for the library (sources of truth, update cadence, lineage, quality checks) and ensure proper handling of sensitive information.

Pipeline & Stakeholder Management

• Manage a pipeline of analysis requests from tech-scouting, Merlin Ventures, and senior leadership—intake, scoping, prioritization, SLAs, and progress reporting.
• Coordinate interviews with stakeholders and vendors; partner with Merlin Labs solution engineering, Constellation GovCloud (CGC) product, and go-to-market teams to validate assumptions and surface integration considerations.
• Maintain standardized, reusable templates and a living backlog of requests; ensure traceability, versioning, and quality controls.

Tool-Enabled Research & Reporting

• Leverage productivity tooling (subscriptions to research and advisory services, government spend data, collection/automation scripts, GenAI for first-draft synthesis, diagramming, and data visualization) to accelerate speed-to-insight and improve quality.
• Provide in-depth research with insights and analysis of the federal market opportunity.
• Deliver executive-ready artifacts (dashboards, one-pagers, decision memos, briefings) that crisply communicate findings, options, and recommendations.
• Continuously iterate on templates, checklists, and scoring rubrics for consistent, repeatable analyses.

Federal Context & Technical Depth

• Translate federal requirements, acquisition pathways, and ATO considerations into practical evaluation criteria and deployment patterns (e.g., FedRAMP, AWS GovCloud/Azure Government, on-prem, hybrid).
• Assess solutions’ applicability and viability against federal requirements; validate architectures and design patterns across identity, data, endpoint, network, cloud, application, SIEM/SOAR, threat intel, AI/ML security, ICS/OT, and zero-trust pillars.
• Validate claims via documentation reviews, labs/POCs, and references with practitioners; document caveats and residual risks.

Governance, Quality, and Knowledge Management

• Uphold editorial standards for accuracy, sourcing, and analytic rigor; run peer reviews and red-team reads for critical deliverables.
• Curate a searchable knowledge base (vendor briefs, decision memos, scorecards) and maintain currency with evolving federal guidance and market signals.

Qualifications

Required

• Bachelor’s degree in cybersecurity, computer science, information systems, or related field (or equivalent practical experience).
• 5–8+ years in cybersecurity/IT market and technical research or solution analysis, including work with U.S. federal programs.
• Demonstrated breadth across security domains (identity, data, endpoint, network, cloud, application, logging/analytics) and depth in at least two.
• Proven ability to produce executive-ready reports and presentations; skilled at distilling complex technical topics into clear recommendations.
• Hands-on experience with research/analysis tooling (diagramming, data visualization; scripting for data collection/cleaning ; collaborative docs).
• Working knowledge of federal frameworks and environments (NIST RMF/800-53/171/172, FedRAMP, FIPS 140-3, TIC 3.0, EO 14028, DoD/IC ZT strategies).
• Experience coordinating multi-stakeholder requests, balancing priorities, and meeting SLAs in a fast-paced environment.
• Experience building and maintaining structured knowledge repositories or information libraries (taxonomies, metadata, governance, dashboards) covering agency-level technology deployments, licensing, and adoption patterns.

Preferred

• Relevant technical certifications (e.g., CISSP, CCSP, CISM, CEH, Zero Trust, Security+ or equivalent).
• Experience in pre-sales engineering or advisory consulting (discovery, solution design, demos/POCs).

Work Environment & Location

• Hybrid or remote role; however, candidates located near the DMV (D.C., Maryland, Virginia) are preferred due to occasional collaborative sessions at our headquarters in Tysons, VA.

Success Attributes

• Commitment to personal and professional integrity and respect for others.
• Roll-up-your-sleeves attitude and low-ego approach.
• Commitment to teamwork and professional relationship development.
• Passion for lifelong learning, growth, and development.
• Flexible and nimble; comfortable with ambiguity and rapid change.
• Strong communication and functional project management skills.
• Desire to innovate, try new things, and creatively explore novel solutions to business challenges.
• Professional and respectful approach to the diversity of thought, action, identity, and attributes.

Benefits & Perks

We want to empower and inspire employees to be and do their best. Our workdays are dynamic, collegial, and fun. Our office features multiple places to work unconstrained by typical office barriers. Our wellness package provides access to an on-site gym and includes medical, dental, and vision insurance along with options for FSA and EAP. We offer 401(k) with employer match, unlimited PTO, and a culture respectful of the reality that not everything in one’s personal life is guaranteed to happen only after hours.

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran, or any other status protected by applicable federal, state, local, or international law.