Senior Information Security Specialist – Secret Clearance Required

Job Description: • Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization. • Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation. • Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts. • Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment. • Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats. • Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps. • Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment. • Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures. • Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance. • Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments. • All other duties as assigned by management. Requirements: • Bachelor’s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education. • Minimum of five (5) years of experience in experience with vulnerability scanning tools and security assessment methodologies. • Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS). • Minimum of (5) years of experience with Security Information and Event Management (SIEM). • Minimum of five (5) years of experience in the risk management framework. • Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, Relational Databases. • Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred. • Must have an active DoD Secret Clearance. Benefits: Apply tot his job