About The Position

We are seeking a highly skilled Information System Security Specialist II to join our dynamic team. This role focuses on maintaining secure software baselines, supporting patch management and compliance scanning, and ensuring systems remain compliant with cybersecurity policies and accreditation requirements. The ideal candidate will have experience with vulnerability scanning, patch management, RMF processes, and cybersecurity compliance frameworks used within secure or government environments.

Requirements

  • Experience with vulnerability scanning tools such as ACAS and SCAP.
  • Knowledge of STIG compliance and security hardening processes.
  • Familiarity with Risk Management Framework (RMF) and ATO processes.
  • Experience with patch management and baseline configuration management.
  • Ability to analyze network and system vulnerabilities and recommend mitigation strategies.
  • Strong documentation and reporting skills.
  • Knowledge of continuous monitoring and vulnerability management programs.
  • Must be a U.S. Citizen.
  • Ability to obtain and maintain an active security clearance.
  • Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
  • Must already have or be able to obtain a CompTIA Security Plus certification prior to start date.

Responsibilities

  • System patching and vulnerability scanning.
  • Perform monthly maintenance of software baselines to maintain Information Assurance (IA) compliance.
  • Maintain records of patches applied and update associated documentation with current software versions.
  • Ensure all hardware, software, and firmware changes to the software baseline are coordinated with the Information System Security Manager (ISSM).
  • Ensure security patches are applied, tested, and implemented appropriately.
  • Conduct regressive compliance scanning to support the monthly patch cycle.
  • Perform vulnerability scans using Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP).
  • Verify Security Technical Implementation Guide (STIG) compliance for the Cybersecurity Service Baseline (CSB).
  • Track, apply, test, and report STIG compliance using STIG checklists, SCAP tools, and MCCAST.
  • Monitor and analyze computer systems and networks to identify risks and potential vulnerabilities.
  • Anticipate potential system threats and implement innovative methods to protect the software baseline.
  • Detect and respond quickly to cyber-attacks and remediate vulnerabilities or system flaws.
  • Utilize the Risk Management Framework (RMF) to support future Authority to Operate (ATO) authorizations.
  • Conduct quarterly reviews to ensure continued compliance with system accreditation and certification requirements.
  • Document security issues and remediation strategies through whitepapers and Plan of Action & Milestones (POA&M).
  • Prepare and maintain cybersecurity documentation, including security checklists and security configuration documentation.
  • Test procedures for cybersecurity validation events.
  • Support test events by developing detailed procedures and validating secure configurations.