Cybersecurity Specialist

About The Position

Requirements

• 3+ years (adjust as needed) of cybersecurity / information assurance experience supporting DoD information systems.
• Demonstrated hands-on experience executing RMF end-to-end and managing packages in eMASS.
• Working knowledge of: NIST SP 800-53 security controls and assessment processes
• DoD RMF process, ATO lifecycle, and continuous monitoring expectations
• DISA STIGs, SCAP, vulnerability management processes
• Experience creating and maintaining RMF documentation (SSP, POA&M, SAR/SAP, etc.) and coordinating evidence collection.
• Strong communication skills; ability to translate compliance requirements into actionable tasks for technical teams.
• Ability to manage multiple systems and competing deadlines in a structured, detail-oriented way.
• IAT/IAM compliant certification (per contract), such as: Security+ CE, CySA+, CASP+, CISSP, CISM (or equivalent)
• Active DoD Secret clearance required.
• Must be able to obtain and maintain required clearance and access.

Nice To Haves

• Experience supporting classified systems, cross-domain solutions, or mission systems.
• Familiarity with ACAS, HBSS/ESS, endpoint security tooling, SIEM workflows, and audit log review processes.
• Experience with control inheritance, overlays, and boundary/architecture documentation for complex environments.
• Understanding of FedRAMP Moderate/High or CNSSI 1253 alignment (where applicable).
• Prior work with assessors/3PAOs, SCA-V, or internal assessment teams.
• Additional preferred: CAP, CISSP-ISSEP, CCSP, vendor-specific security certs.

Responsibilities

• Serve as the primary cybersecurity compliance lead for assigned information systems under DoD RMF.
• Develop, update, and maintain RMF artifacts including (as applicable): SSP, SAP, SAR, POA&M, RAR, control implementation statements, and supporting evidence.
• Manage and track RMF workflow in eMASS: package creation, control inheritance, artifact uploads, POA&M management, and status reporting.
• Coordinate and support ATO activities, including preparation for assessor interactions and facilitating remediation of findings.
• Perform and document continuous monitoring activities: periodic control assessments, configuration compliance checks, vulnerability tracking, and audit log review coordination.
• Support security control implementation and validation for NIST SP 800-53 controls (aligned to applicable DoD baselines).
• Participate in change management: evaluate security impact of system changes, update documentation, and coordinate reauthorization actions as required.
• Review security scans and artifacts (e.g., ACAS/Nessus outputs, SCAP results, STIG checklists), validate remediation actions, and ensure results are reflected in POA&Ms.
• Ensure systems meet applicable DoD/Federal requirements (e.g., DoD RMF policy, NIST guidance, DISA STIGs, platform hardening requirements).
• Provide cybersecurity guidance to system owners and technical teams on control implementation, documentation, and audit readiness.
• Produce metrics and executive-level reporting on compliance status, risk posture, POA&M trends, and ATO timelines.