Cyber Security Specialist
Full-Time, Direct Hire Position with Full Benefits and Matching 401(k) Plan
Work Location: Columbia, MD
The Cyber Security Specialist will support the performance of tasks associated with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). This individual will support the preparation of system and security documentation in accordance with Federal Information Security Modernization Act (FISMA) requirements throughout the various stages of the RMF. The Cyber Security Specialist will work in a team environment and perform assigned tasks with minimal supervision and support. The candidate will work closely with system stakeholders to document system information, consult on system/authorization boundary topics, and ensure that applicable security controls are identified and documented appropriately. In addition, the candidate will provide support during the assessments of assigned systems by assisting with the tracking and gathering of evidentiary artifacts and with the testing of information systems. After authorization of the system, the Cyber Security Specialist will support continuous monitoring efforts by assisting with the scheduling of monitoring activities, maintaining system and security documentation, performing annual assessments, and tracking Plan of Action and Milestones (POA&M) entries.
Responsibilities:
- Coordinate with the customer regarding the status of consulting and assessment projects.
- Develop deliverables associated with a FISMA security package including, but not limited to: System Security Plan (SSP), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Continuous Monitoring Plan.
- Gather and organize technical information about missions, goals, and requirements.
- Perform project tasks involving the integration of tools or methodologies to resolve organizational and system security problems.
- Provide IT security guidance to Information System Owners.
- Gather and organize technical information about information systems.
- Perform boundary scoping exercises and architecture reviews.
- Support the performance of security assessments.
- Gather and organize artifacts in preparation for security assessments.
- Maintain information system component inventories.
- Track and update POA&M entries.
- Support scheduling of assessments and continuous monitoring activities.
- Perform vulnerability scanning using government or commercial-off-the-shelf tools.
- Conduct risk/threat analyses on cloud infrastructures that are integrated in the client’s information systems solutions.
- Ensure that the information systems are built with security in mind.
Required Qualifications:
- Bachelor’s degree in Cyber Security, Computer Science, or a related discipline.
- 5+ years of relevant industry experience performing tasks associated with the Risk Management Framework (with at least 3 of those years in IT security audit, assessment, compliance, or risk management).
- At least 5 years of experience with FISMA consulting and assessment projects.
- Thorough understanding of FISMA requirements and NIST guidance.
- Must be able to work both independently and in a team environment.
- Must have strong written, verbal, and presentation communication skills.
- At least ONE IT security-related industry certification, such as CAP, CCSK, CISA, CISM, CISSP, CCSP, CRISC, CCISO, or an Amazon Web Services (AWS), Google Cloud Platform (GCP), or Microsoft Azure specific certification.
- Knowledge of cloud architectures and operations (preferred).
- Experience using security tools, such as Nessus, WebInspect, AppDetective, and others.
Preferred Qualifications (none of these are mandatory, but each is considered a plus):
- Experience performing FedRAMP assessments.
- Experience engineering cloud systems.
- Experience with cloud system administration (e.g., database, system, network).