Information Systems Security Specialist

ITility, LLC. · Washington, DC
3d · Onsite

About The Position

Overview: ITility is seeking an experienced, performance-driven Information Systems Security Specialist to support a new government client. This position is contingent on contract award and will be onsite at the client location in McLean, VA or Bethesda, MD.

ITility is a Service-Disabled Veteran-Owned Business with a passion to equip our nation’s Intelligence Community, armed forces and first responders with the very best to empower their missions. From the virtual battlefield to boots on the ground, our people, processes, and performance drive our ability to help our clients protect what matters, now and for generations to come. At ITility, we help our customers command the future by thinking beyond perceived limits to create new, unexpected ways to protect and defend our nation. We inspire and empower people to create significant solutions that secure what matters to our customers and communities, here and around the globe.

The Information Security Specialist supports cybersecurity continuous compliance monitoring and information system security activities for government systems, focusing on RMF/ATO support, continuous monitoring, control evidence management, vulnerability and POA&M coordination, and audit readiness. The specialist works with Cyber Ops leadership, system owners, engineers, and program security to maintain compliance while enabling mission operations.

Requirements

  • Must be US Citizen
  • Active Top Secret SCI Clearance and Active Counterintelligence (CI) Polygraph
  • 3-7 years of experience supporting information system security, cybersecurity compliance, or RMF/ATO support for government systems.
  • Working knowledge of NIST-based security controls and common compliance workflows (RMF/ATO concepts, continuous monitoring, POA&M).
  • Strong documentation and evidence management skills; ability to maintain audit-ready records.
  • Experience collaborating with technical teams (IT/cloud/network/endpoint) to gather artifacts and validate implementations.
  • Proficiency with Microsoft Office and collaboration tools (e.g., SharePoint/Teams).
  • Experience with cloud environments (AWS/Azure) and compliance evidence collection in cloud/hybrid settings.
  • Ability to operate in a structured compliance environment with shifting priorities and deadlines.
  • Ability to attend on-site meetings/assessments as required by customer or system access constraints.

Nice To Haves

  • Certifications (nice to have): Security+, CAP, CISSP/CCSP, CISM, SSCP, or equivalent.
  • Familiarity with common governance/compliance and security tooling (GRC platforms, ticketing systems, vulnerability scanners).

Responsibilities

  • Support the RMF lifecycle as assigned: system boundary documentation, control implementation tracking, evidence collection, and assessment preparation.
  • Maintain and update security artifacts as applicable (e.g., SSP, control evidence, configuration management documentation, incident response artifacts, contingency planning evidence).
  • Coordinate POA&M development and management: track findings, owners, milestones, remediation evidence, and closure packages.
  • Support vulnerability management workflows: intake scan results, validate remediation evidence, track exceptions/risk acceptances (if applicable), and support closure documentation.
  • Prepare for and support ATO/assessment events: evidence repository management, interview support, response tracking, and action-item closure.
  • Support security change control: document changes, assess security impact, and ensure approvals and artifact updates are completed.
  • Produce weekly/monthly compliance reporting (status, risks, blockers, and recommended mitigation actions).
  • Participate in incident response support activities as directed (documentation, coordination support, and lessons learned).