Specialist, Cyber Intelligence

About The Position

Requirements

• Bachelor’s Degree and minimum 4 years of prior relevant experience. Graduate Degree and a minimum of 2 years of prior related experience. In lieu of a degree, minimum of 8 years of prior related experience.
• Active Top Secret US Security Clearance
• Experience developing and managing RMF system authorization packages
• Advanced working knowledge of government cybersecurity policies, RMF processes, security controls, and authorization documentation requirements
• Experience supporting or leading system authorization, continuous monitoring, audit response, and risk management activities in regulated environments
• Ability to assess technical implementations against cybersecurity requirements and translate findings into actionable compliance and risk decisions
• Strong analytical, organizational, coordination, and documentation skills
• Strong verbal and written communication skills with the ability to influence stakeholders and drive resolution of cybersecurity issues
• interpreting vulnerability scanning results (preferably Nessus or Tenable Security Center)
• 5+ years’ experience reviewing workstation, server, firewall, & IPS logs
• 3+ years’ experience with SIEM tools
• Experience as an ISSO cybersecurity on classified systems under DAAG, NISPOM, ICD 503, and/or NIST 800-53
• Experience developing, managing, and providing evidence to close POA&Ms associated with the A&A and project management processes
• Experience with DISA STIGs and SCAP Compliance Checker
• Experience interpreting vulnerability scanning and security log results (Nessus, ACAS, Splunk)
• Exceptional verbal, written, interpersonal and presentation skills, customer relationship building skills, analytical skills and ability to lead/mentor teammates

Nice To Haves

• ISSO/M experience with eMASS
• ISSO/M experience under the DAAG
• Experience with audit reduction tools like Splunk
• Experience with Linux or Unix operating systems
• Flexibility to adjust to changing requirements, schedules, and priorities
• Experience working in a military/DOD environment

Responsibilities

• Lead development, coordination, maintenance, and execution of RMF system authorization packages across the system lifecycle
• Oversee assessment of systems and networks to identify deviations from approved configurations, security baselines, enclave requirements, and applicable government policies
• Interpret and implement cybersecurity requirements in accordance with RMF, NIST, CNSSI, JSIG, DoD, or other applicable government frameworks and customer directives
• Guide system owners, engineers, administrators, and program stakeholders in the implementation and sustainment of required security controls
• Analyze system architectures, operational changes, and technical solutions to determine cybersecurity impact and authorization implications
• Conduct security control assessments and evaluate control effectiveness to validate compliance and identify residual risk
• Lead or support Security Test and Evaluation (ST&E) activities, including planning, preparation, execution support, analysis of results, and reporting of findings
• Prepare, review, and maintain authorization documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), risk assessments, and supporting artifacts
• Track identified vulnerabilities and deficiencies through remediation, risk acceptance, or closure and ensure corrective actions are properly documented and completed
• Support continuous monitoring activities by reviewing vulnerabilities, audit records, change activity, control inheritance, and security-relevant system modifications
• Coordinate internal and external audits, inspections, and reviews and support responses to cybersecurity findings and compliance actions
• Evaluate new and emerging technologies, system changes, hardware and software releases, and proposed implementations for security and compliance impact
• Establish and improve control processes that support risk mitigation, authorization readiness, and long-term sustainment of compliant system operations
• Communicate cybersecurity risks, requirements, and compliance status to technical and non-technical stakeholders, including leadership, customers, and external assessors
• Provide technical guidance, coaching, and subject matter support to team members in RMF execution, security documentation, and compliance practices