Information Assurance / Security Specialist

Diverse Systems GroupBethesda, MD
Onsite

About The Position

Diverse Systems Group, LLC is seeking an Information Assurance Specialist to support Walter Reed National Military Medical Center (WRNMMC)’s system security authorization processes in compliance with the Department of Defense (DOD) and Defense Health Agency (DHA)’s NIST RMF related policies and requirements. This role involves leading and performing DHA-specific Risk Management Framework (RMF)-related tasks throughout all stages of a system’s lifecycle, including stakeholder engagement, A&A project plans, system security categorization, risk assessments, remediation strategies, security package development, NIST 800-53 security controls documentation, artifact collection, IV&V participation, POA&M development, Continuous Diagnostics and Monitoring (CDM) activities, and reporting. The specialist will manage system security packages in DOD Enterprise Mission Assurance Support System (eMASS), conduct technology assessments, and work with administrators to harden systems, apply STIGs, and run SCAP/ACAS scans. Additionally, the role includes developing and delivering cybersecurity training, maintaining a comprehensive understanding of federal security regulations, staying aware of emerging threats, applying security patches, and supporting disaster recovery/COOP plans. The position requires ensuring baseline system security, mitigating cyber threats, adhering to IT security principles, managing configuration, assessing impacts of modifications, and overseeing POA&M resolution. The specialist will also perform comprehensive A&A tasks, utilize eMASS for accreditation packages, lead the RMF accreditation lifecycle, and maintain ongoing A&A packages. Creating and managing setup documentation, security policies, SOPs, and training materials aligned with DOD/DHA cybersecurity needs is also part of the role. Reporting on assessment status, participating in IV&V, and reviewing regulatory security policies to develop technical solutions are expected. The specialist will monitor security posture, provide system/network/security engineering expertise, manage the cybersecurity program to minimize risk, and oversee a team performing system hardening and assessments. A comprehensive understanding of DoD MHS services and programs is beneficial. Other duties related to the Cybersecurity Division may be assigned.

Requirements

  • 5+ years of technical experience related to system and / or network administration and / or cybersecurity operations.
  • Knowledge and experience with DOD RMF A&A artifacts, network architecture, network and security management and monitoring tools and penetration test tools.
  • Experience with deploying & hardening Windows Server 2012 R2, Server 2016, Server 2019.
  • Experience with PowerShell, Tanium, SCAP, NMAP, SQL Developer, Forescout, and/or Splunk.
  • Large Enterprise-level IT experience with maintenance of servers, storage devices and applications.
  • Strong problem solving and critical thinking skills.
  • Strong planning & organizational skills.
  • Strong verbal and written communication skills to include delivery of presentations and communication of technical concepts to non-technical personnel that may span organizations and functional groups.
  • Minimum certification level of CompTIA Security+ CE or equivalent certification required in accordance with DoDI 8140 / DoDD 8570 requirements (IAM/IAT Level 2).
  • CISSP, CAP, CYSA, CISM, MSCE or equivalent certification required.
  • DOD Secret security clearance required.

Nice To Haves

  • Four-year college degree in Cybersecurity, Information Technology, Computer Information Systems, Computer Science, Computer Engineering, or equivalent.
  • Additional years of experience may serve in lieu of a degree.
  • Comprehensive understanding of DoD MHS services and programs, and other usability standards, as well as user interface design methodologies.

Responsibilities

  • Lead and perform Defense Health Agency (DHA)-specific Risk Management Framework (RMF)-related tasks throughout all stages of a system’s lifecycle.
  • Develop and maintain A&A or Threat Management Team project plans.
  • Prepare and maintain FIPS-199 system security categorization.
  • Prepare and maintain FIPS-200 system security controls exceptions.
  • Perform risk assessments and analyze risk remediation and mitigation options and strategies.
  • Develop, review, and submit Assessment & Authorization (A&A) system security packages.
  • Select and document applicable NIST 800-53 rev. 4 security controls in systems’ Security Controls Traceability Matrices (SCTM).
  • Collect, develop, and analyze NIST 800-53 rev 4-related security controls artifacts.
  • Participate in and provide organizational oversight of Independent Verification & Validation (IV&V) activities.
  • Develop and track Plans of Action & Milestones (POA&M).
  • Perform Continuous Diagnostics and Monitoring (CDM)-related activities.
  • Track and report status to leadership and organizational stakeholders.
  • Manage system security packages in DOD Enterprise Mission Assurance Support System (eMASS) throughout system authorization cycles.
  • Conduct and technology assessments, reviews, and technical inspections to identify and mitigate potential security weaknesses.
  • Work in partnership with System and Network Administrators to perform self-assessment and hardening of workstations, servers, network devices, and clinical devices.
  • Apply Secure Technical Implementation Guidelines (STIG) and run hardening and security artifact collection scripts and Security Content Automation Protocol (SCAP) and Assured Compliance Assessment Solution (ACAS) scans.
  • Develop and maintain cybersecurity-related training materials and deliver training for users and System Administrators (SA).
  • Maintain comprehensive understanding of federal security regulatory requirements and security frameworks including DoD/DHA IT Security and IA policies, RMF, NIST SP 800-series, FISMA, FIPS, FedRAMP, policies, directives, and publications.
  • Proactively maintain awareness and understanding of current and emerging threats and vulnerabilities.
  • Apply security patches, IAVAs, STIGS, and updates for all assigned systems.
  • Provide support for the escalation and communication of status to agency management and internal customers.
  • Clearly communicate technical information to both technical and non-technical personnel.
  • Implement and manage disaster recovery and COOP plans, systems, and operations.
  • Ensure maintenance of baseline system security according to organizational policies.
  • Ensure cyber threats and vulnerabilities are mitigated.
  • Ensure information technology (IT) security principles and methods are adhered to.
  • Provide configuration management and accurately assess the impact of modifications and vulnerabilities for each system.
  • Maintain thorough understanding of NIST 800-53 controls, and determine which controls are applicable to the application, as well as document implementation in Security Controls Tractability Matrix (SCTM).
  • Oversee the monitoring and resolving Plan of Action and Milestones (POA&M) to mitigate system vulnerabilities on assigned Information Systems.
  • Ensure technical system documentation required for A&A packages are complete and clearly supports validation and ATO in accordance with system security requirements.
  • Perform comprehensive A&A tasks including package development, controls analysis, risk assessment, contingency planning, security test & evaluation, risk mitigation analysis, and technology assessments.
  • Utilize application NIST and FIPS standards and guidance documents to register and complete accreditation packages in the DISA eMASS system.
  • Lead the RMF accreditation lifecycle for assigned systems from cradle to grave, managing stakeholder engagement, lifecycle progression, schedule development, accreditation package review, submission and validation.
  • Maintain and support current and ongoing A&A packages to ensure an uninterrupted delivery of information technology systems for the organization.
  • Create, manage, and maintain setup documentation and security policies for compliance and accreditation purposes for all programs, projects, including SOPs, Policies, Procedures, Plans, guidelines, checklists, presentations, training guides, etc… in alignment with the DOD/DHA IT organizational cybersecurity needs or in accordance with RMF guidelines.
  • Report on assessment process status.
  • Participate in Independent Verification & Validation (IV&V) activities.
  • Conduct/oversee IV&V testing as required.
  • Assist system certifiers during evaluations.
  • Review regulatory security policies, as well as best practices, and develop the technical solution required in order to implement those requirements on servers, routers, firewalls and other LAN/WAN equipment.
  • Work with System and Network Administrators to monitor the security posture of all networked systems and applications and take appropriate steps to quickly deal with any vulnerabilities.
  • Provide system, network, security engineering expertise and guidance for all aspects of information assurance, including those systems required to meet DoD regulations and requirements.
  • Manage the cybersecurity program to minimize risk and exposure across projects.
  • Oversee a team performing self-assessment and hardening of system servers, applying STIGs, SCAP and ACAS scans, and other scripts.
  • Other duties assigned as related to the Cybersecurity Division.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service