About The Position

We are seeking an experienced Information System Security Specialist II to support the security authorization, compliance, and continuous monitoring activities of mission-critical information systems. The successful candidate will create and maintain IA artifacts, support Authority to Operate (ATO) efforts using the Risk Management Framework (RMF), perform compliance scanning and patch management activities, and collaborate with system owners, ISSMs, and technical teams to ensure systems remain secure and compliant.

Requirements

  • 5 years of experience supporting RMF-based ATO processes.
  • Hands-on experience with eMASS, STIGs, SCAP, and ACAS.
  • Knowledge of DoD cybersecurity policies, standards, and best practices.
  • Experience with patch management, vulnerability scanning, and compliance reporting.
  • Strong technical writing skills, including experience developing security documentation and POA&Ms.
  • Ability to analyze security controls and recommend effective mitigation strategies.
  • Strong communication and collaboration skills.
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
  • Must have or be able to obtain a CompTIA Security Plus certification prior to start date.
  • Ability to obtain and maintain a security clearance.
  • Must be a U.S. Citizen.

Responsibilities

  • Create, update, and maintain IA artifacts required to obtain and sustain favorable Authority to Operate (ATO) decisions.
  • Apply the Risk Management Framework (RMF) to support system accreditation and continuous monitoring activities.
  • Upload and maintain IA documentation and artifacts within eMASS.
  • Track, apply, test, and report STIG compliance using STIG checklists and Security Content Automation Protocol (SCAP) tools.
  • Document system management procedures, operating procedures, security concerns, and proposed solutions.
  • Support security readiness reviews and preparation of security checklists.
  • Provide software support for patching and compliance scanning activities.
  • Maintain software baselines to ensure IA compliance and perform monthly regressive compliance scanning, including ACAS scans and SCAP reporting.
  • Maintain records of applied patches and update associated documentation with software version information.
  • Anticipate and mitigate potential security risks affecting the software baseline.
  • Monitor and analyze systems and networks to assess risk and recommend policy improvements.
  • Coordinate hardware, software, and firmware changes with the ISSM and verify appropriate installation of security patches.
  • Document security concerns and remediation activities through whitepapers and Plans of Action & Milestones (POA&M).
  • Assist with Annual Security Reviews (ASRs) and Verification & Validation (V&V) activities.
  • Develop detailed test procedures and security configuration documentation in support of security test events.
  • Evaluate security controls, assess their impact on systems, and develop mitigation strategies where necessary.