Control Validation Security Specialist Senior

About The Position

Requirements

• Current DoD 8670.01/8140 IAM Level III certification that includes one or more of the following: ISACA CISM, ISC2 Certified Information Systems Security Professional (CISSP), GIAC/SANS GIAS Security Leadership Certification (GSLC), or EC-Council Certified Chief Information Security Officer (CCISO).
• 3+ years of experience working with DoD cybersecurity policy such as DoD 8500-series or NIST SP 800-53, with strong understanding of Risk Management Framework (RMF) principles and processes.
• 2+ years of experience using Enterprise Mission Assurance Support Service (eMASS) to support RMF authorization activities and security documentation tracking.
• Demonstrated ability to perform independent IT audits and security control validation across complex enterprise environments.
• Strong analytical and problem-solving skills with the ability to identify cybersecurity vulnerabilities and recommend appropriate mitigations.
• Proficiency with Microsoft Office tools, including Excel, Access, Word, and PowerPoint, for cybersecurity analysis and reporting.
• Strong knowledge of network architecture and network security implementation.
• Strong written and oral communication skills capable of supporting executive-level briefings.
• Ability to balance mission objectives with cybersecurity risk management.
• Must be eligible for IT-II designation upon assignment.
• There is a Secret Security clearance requirement for this position.

Nice To Haves

• Experience supporting DoD or DLA program offices.
• Experience supporting DoD DLA environments.
• Experience leading enterprise-level cyber modernization initiatives.
• Familiarity with DLA-specific cybersecurity governance frameworks.
• Current Project Management Professional (PMP) certification.
• Current Risk Management Professional certification such as one or more of the following: PMP-RMP, ISACA Certified in Risk and Information Systems Control (CRISC), ISACA Certified Information Systems Auditor (CISA), ISACA Certified Information Security Manager (CISM), ISC2 Certified in Governance, Risk and Compliance (CGRC), or Risk and Insurance Management Society (RIMS) Certified Risk Management Professional (RIMS-CRMP).

Responsibilities

• Cybersecurity Control Validation and IT Audit Support: Independently perform information system security control validation and IT audit activities across complex information systems, applications, networks, and enclaves. Verify that cybersecurity controls are properly implemented, configured correctly, and operating in accordance with federal and DoD cybersecurity requirements. Conduct cybersecurity assessments to determine whether implemented controls effectively protect systems from unauthorized access, misuse, or destruction. Validate compliance with cybersecurity policies and standards applicable to DLA enterprise systems.
• RMF Authorization and Security Assessment Support: Support the enterprise RMF authorization process in accordance with DoDI 8510.01 RMF for DoD IT. Perform technical reviews of RMF authorization packages, supporting documentation, and system security artifacts. Analyze residual risk and determine whether implemented security controls satisfy security requirements and authorization standards. Assist in preparing security assessment reports and authorization recommendations for review by the Security Control Assessor and Authorizing Official.
• Continuous Monitoring and Vulnerability Analysis: Conduct cybersecurity control validation exercises on classified and unclassified systems to verify the effectiveness of implemented security measures. Perform vulnerability assessments and analyze security weaknesses to identify potential threats to enterprise systems. Evaluate remediation activities and mitigation strategies to determine whether corrective actions adequately address security findings. Support enterprise continuous monitoring initiatives and cybersecurity risk analysis.
• Security Analysis and Technical Evaluation: Perform technical evaluations of customer systems to identify security weaknesses and recommend improvements to strengthen cybersecurity posture. Analyze network security configurations and system architectures to verify secure implementation of cybersecurity controls. Provide recommendations for improving cybersecurity controls, risk mitigation strategies, and security implementation practices. Balance mission requirements with cybersecurity controls by evaluating operational needs against risk considerations.
• Documentation, Reporting, and Coordination: Document findings from security control assessments, audits, and validation activities in formal reports and assessment summaries. Prepare technical documentation and supporting evidence to support RMF reviews and cybersecurity compliance activities. Coordinate with program managers, system managers, and Information System Security Managers to resolve cybersecurity issues and improve security compliance. Participate in cybersecurity working groups, technical reviews, and enterprise cybersecurity coordination meetings.

Benefits

• We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them.
• BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance.
• Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.