IT Security Specialist III

Summary

In this role your primary goal is to improve program efficiency, effectiveness, and consistency by providing prompt, reliable, and high-quality annual assessments of all High and Moderate systems in support of the Risk Management Framework all while working in a telework environment. Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Supervisory Responsibilities: None

Essential Functions/Responsibilities

Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

Review all relevant security documentation for the system to be assessed

Review system-developed core security documentation

Document computer security and emergency measures policies, procedures, and tests

Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures

Perform a thorough, accurate, and effective evaluation of the systems security controls

Develop high-quality security authorization package documentation

Aid in developing and conducting entrance and exit briefings

Develop and maintain sound IT security policies, procedures, templates, and checklists for assessments

Conduct on-site assessments ( 3 to 6 times a year, typically lasting 1 week)Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Basic Qualifications

Bachelor’s Degree in Computer Science or related field (i.e., EE, CPE, MIS, IT) or equivalent relevant work experience

Eight (8) years of relevant experience

Knowledge of IT security policies and implementation standards and comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards

Proficiency in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools

Proficiency with enterprise architecture methodologies, concepts, procedures, principles, and tools

Ability to facilitate effective communications between federal clients, system personnel, and the assessment team

Familiarity with various scanning and monitoring tools

Familiarity with security assessments in a cloud environment

Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio and Project)

Knowledgeable in penetration testing

Strong verbal and written communication skills

Must be organized, timely, and customer service-oriented

Ability to work well independently and in a team setting

Adaptability, flexibility, and ability to deal with ambiguity and change

Experience with NIST SP 800-37 Risk Management Framework, NIST 800-53 REV 5, and FISMA A&A continuous monitoring

Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM)

Preferred Qualifications

Relevant professional certifications: CISSP, CEH, CISM, CCSP, CISA, CompTIA Security+

Additional industry certifications (e.g., AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate)

Security Clearance Requirements

Ability to obtain a government security clearance

Physical Demands

Prolonged periods of sitting at a desk and working on a computer.

Must be able to access and navigate each department at the organizations and client facilities.

Work Environment

Work is normally performed in a telework environment

Proficiency Requirement:

The candidate is expected to demonstrate proficiency in all essential job functions, tools, and processes related to this position within the first 90 days of employment. This includes acquiring a thorough understanding of job-specific responsibilities, systems, and workflows as outlined during onboarding and training. Failure to meet this requirement may result in additional training, reassessment, or other actions as deemed necessary by management.

The base salary range for this position is $126,579 to $178,431.