Senior Information Security Specialist-SECRET CLEARANCE REQUIRED
Primary Responsibilities:
Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization.
Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation.
Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts.
Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment.
Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats.
Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps.
Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment.
Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures.
Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance.
Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments.
All other duties as assigned by management.
Qualifications
Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
Minimum of five (5) years of experience in experience with vulnerability scanning tools and security assessment methodologies.
Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS).
Minimum of (5) years of experience with Security Information and Event Management (SIEM).
Minimum of five (5) years of experience in the risk management framework.
Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, Relational Databases.
Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
Must have an active DoD Secret Clearance.
$45 - $49 an hour
About the job
Apply for this position
Senior Information Security Specialist-SECRET CLEARANCE REQUIRED
Primary Responsibilities:
Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization.
Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation.
Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts.
Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment.
Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats.
Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps.
Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment.
Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures.
Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance.
Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments.
All other duties as assigned by management.
Qualifications
Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education.
Minimum of five (5) years of experience in experience with vulnerability scanning tools and security assessment methodologies.
Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS).
Minimum of (5) years of experience with Security Information and Event Management (SIEM).
Minimum of five (5) years of experience in the risk management framework.
Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, Relational Databases.
Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
Must have an active DoD Secret Clearance.
$45 - $49 an hour