Senior Information Security Specialist-SECRET CLEARANCE REQUIRED
Latitude.com
Hybrid
Remote
Full Time
Primary Responsibilities:
- Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization.
- Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation.
- Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts.
- Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment.
- Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats.
- Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps.
- Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment.
- Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures.
- Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance.
- Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments.
- All other duties as assigned by management.
Qualifications
- Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
- Minimum of five (5) years of experience with vulnerability scanning tools and security assessment methodologies.
- Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS).
- Minimum of five (5) years of experience with Security Information and Event Management (SIEM).
- Minimum of five (5) years of experience in the risk management framework.
- Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, Relational Databases.
- Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
- Must have an active DoD Secret Clearance.
October 1, 2025