Senior Information Security Specialist-SECRET CLEARANCE REQUIRED
Job Description
Primary Responsibilities:
- Execute and support the Risk Management Framework (RMF) lifecycle, including system categorization, control selection, implementation, assessment, and authorization.
- Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation.
- Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts.
- Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment.
- Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats.
- Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps.
- Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment.
- Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures.
- Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance.
- Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments.
- All other duties as assigned by management.
Qualifications
- Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
- Minimum of five (5) years of experience with vulnerability scanning tools and security assessment methodologies.
- Minimum of five (5) years of experience with network security, firewall management, and intrusion detection/prevention systems (IDS/IPS).
- Minimum of five (5) years of experience with Security Information and Event Management (SIEM).
- Minimum of five (5) years of experience in the risk management framework.
- Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, Relational Databases.
- Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
- Must have an active DoD Secret Clearance.
$45 - $49 an hour
Date Posted: 12/05/2025