What Your Day-To-Day Looks Like (Position Responsibilities):
- Serve as the principal cybersecurity advisor to system owners and stakeholders.
- Support and manage the lifecycle of system authorization under the Risk Management Framework (RMF), ensuring timely submission and updates of ATO packages.
- Conduct vulnerability assessments using tools such as Nessus and ACSA; monitor and analyze logs and configurations using Splunk.
- Implement and assess security controls in cloud-based environments (AWS GovCloud, C2S, SC2S, Azure).
- Monitor and maintain operational security of information systems, ensuring compliance with federal and agency-specific regulations.
- Draft and maintain security documentation including:
  - System Security Plan (SSP)
  - Plan of Action and Milestones (POA&M)
  - Information System Contingency Plan (ISCP)
  - Privacy Impact Assessments (PIAs)
  - Configuration Management Plans (CMPs)
- Oversee incident response and reporting, coordinating with OCIO, Security Divisions, and other federal entities as required.
- Provide audit support, including FISMA system audits and internal security reviews.
- Perform access control and account management duties, including provisioning and reviewing permissions across systems.
- Advise development and operations teams on security best practices throughout system design, deployment, and maintenance.
- Manage and maintain cloud-native and third-party security tools for vulnerability management, compliance, and threat detection.
- Contribute to change management processes and agile development practices to ensure integration of security into all phases of development.

What You Need to Succeed (Minimum Requirements):
- TS/SCI Clearance
- 8 years of experience required.
- Extensive experience with federal cybersecurity frameworks, including RMF, NIST 800-53, CNSS, and FISMA.
- Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure.
- Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk.
- Experience supporting audits and ATO processes in a federal environment.
- Familiarity with scripting (e.g., PowerShell, Python) for automation and log analysis.
- Experience working with and securing Cross Domain Solutions such as Everfox or Forcepoint.
- Strong knowledge of endpoint protection and antivirus solutions, including Microsoft Defender.
- Familiarity with log management, monitoring tools, and network security protocols.
- Working knowledge of agile and DevSecOps methodologies and related tools (e.g., JIRA, Confluence, GitLab, Jenkins).

Ideally, You Also Have (Preferred Qualifications):
- Certifications: CISSP, CISM, CAP, Security+, AWS Certified Security – Specialty, or other relevant certifications.
- Experience in a high-side or multi-enclave (U/S/TS) environment.
- Experience working with Agile development teams and CI/CD pipelines.
- Familiarity with Infrastructure as Code (IaC) and cloud configuration management tools (e.g., Terraform, Ansible).

Job Type
Hybrid role
Skills required
Agile, CI/CD
Location
Washington, DC (Hybrid)
Salary
No salary information was found.
Date Posted
May 15, 2025
The Information System Security Officer (ISSO) at Sprymethods is responsible for ensuring the security of mission-critical applications and infrastructure across multiple network enclaves. This role involves developing security policies, managing ATO documentation, and conducting risk assessments in compliance with federal mandates.