Senior Information System Security Specialist

Cherokee Federal, Washington, DC

About The Position

As a Senior Information System Security Specialist / Analyst supporting the Department of Transportation (DoT), you will be responsible for developing and maintaining Information System core and privacy documentation while supporting cybersecurity operations across the System Development Life Cycle (SDLC). This role combines ATO documentation, RMF compliance, and hands-on cybersecurity analysis to ensure systems meet federal security requirements and maintain a strong security posture. You will collaborate with system owners, developers, and cross-functional teams to implement secure solutions that support mission objectives.

Requirements

  • Active Public Trust clearance
  • Bachelor’s degree in information systems, cybersecurity, or related field
  • Without a bachelor’s degree, at least 10 years of related experience required
  • Minimum of 8 years of information systems and network security experience
  • Minimum of 5–6 years of experience supporting federal government customers, including development and maintenance of ATO packages
  • Strong understanding of Federal Information Security Modernization Act (FISMA) requirements and reporting
  • Strong knowledge of NIST Risk Management Framework (RMF), including NIST SP 800-37, 800-53, 800-18, and related standards
  • Experience with FedRAMP and cloud security environments
  • Experience performing vulnerability scanning, assessment, and remediation across enterprise systems
  • Background in network security or system administration
  • Experience assisting system owners with mitigation and remediation activities through POA&M management
  • Experience with enterprise security architecture methodologies, tools, and best practices
  • Knowledge of contingency planning, backup and recovery, and system resilience practices
  • Ability to analyze security risks and provide actionable recommendations to improve system security posture
  • Must be comfortable working with system owners and IT operations teams to gather and validate information
  • Strong written and verbal communication skills
  • RMF, ATO, SSP, POA&M, PIA/PTA/SORN documentation
  • CSAM / JCAM or equivalent authorization platforms
  • Vulnerability management tools (Nessus, BigFix, Splunk, Invicti, etc.)
  • Cloud security (AWS/Azure, FedRAMP)
  • Linux, Windows, and network security fundamentals
  • DevSecOps and SDLC security integration
  • Identity and Access Management (IAM/ICAM)
  • Minimum of a Certified Information Systems Security Professional (CISSP) or ability to obtain within 6 months
  • Must pass pre-employment qualifications of Cherokee Federal

Nice To Haves

  • Certified Information Privacy Professional (CIPP)
  • Certified Cloud Security Professional (CCSK) or other cloud certifications preferred
  • Additional certifications such as PMP, ITIL, CRISC, or CASP are a plus

Responsibilities

  • Provide support to the continuous monitoring process, assessing and evaluating Information Systems (hardware and software) to detect vulnerabilities and identify security weaknesses, including those inherited from FedRAMP cloud service providers and networked environments
  • Track, analyze, and remediate vulnerabilities identified through Continuous Diagnostics and Mitigation (CDM) tools and other security platforms, ensuring corrective actions are implemented to improve system security posture
  • Provide cybersecurity expertise across the System Development Life Cycle (SDLC), supporting Agile, DevSecOps, and traditional development models, including Security Assessment and Authorization (SA&A) and Information System Continuous Monitoring (ISCM)
  • Develop and maintain ATO documentation including System Security Plans (SSP), Privacy Impact Assessments (PIA), Privacy Threshold Analyses (PTA), System of Records Notices (SORN), and supporting artifacts
  • Assist system owners, information owners, and ISSMs in managing Plans of Action and Milestones (POA&Ms), including identifying gaps, developing remediation strategies, and tracking progress
  • Conduct quality assurance reviews of POA&Ms to ensure accuracy, completeness, and cost-effective remediation strategies
  • Perform vulnerability scanning and security assessments across Linux, Windows, and cloud environments using tools such as Nessus, BigFix, Splunk, and similar platforms
  • Maintain and update system information in Cyber Security Assessment and Management (CSAM/JCAM) or equivalent systems
  • Support contingency planning activities, including Business Impact Analysis (BIA), testing, and documentation in accordance with NIST SP 800-34
  • Provide support for audit readiness by preparing documentation and assisting with responses to internal and external audits
  • Collaborate with system owners, business stakeholders, and IT operations teams to gather information, resolve issues, and ensure compliance with federal cybersecurity requirements
  • Support system inventory management, interconnections, and security documentation aligned with NIST standards
  • Perform other job-related duties as assigned

Benefits

  • Medical
  • Dental
  • Vision
  • 401K
  • Other possible benefits as provided