Sr. Security Specialist

In pursuit of a future contract award, we are seeking a Senior Security Specialist to join our team of qualified, diverse professionals. This is a full-time (regular) exempt (salary) position located in Suffolk, VA with potential for limited teleworking, subject to customer approval. Where innovation meets excellence, we drive the future of technology. As a valued member of our team, you will play a key role in delivering state-of-the-art Information Technology solutions for the Naval Information Forces (NAVIFOR) N4 Directorate. We are looking for qualified candidates who are ready to collaborate, innovate, and make an impact in a fast-paced, forward-looking environment where teamwork is at the heart of our success. Primary responsibilities include:

* Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information

* Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies

* Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure

* Respond to computer security breaches, spillages, and viruses

* Responsible for maintaining cyber hygiene of the systems in accordance with DOD and DON policy and the program continuous monitoring strategy

* Oversee system compliance with the system Authorization Decision Document (ADD) and ensure no changes are made capable of affecting the ADD without proper authorization from the NAO

* Responsible for ensuring all cybersecurity documentation is maintained and updated per DOD and DON policy

* Maintain application and system configuration management in required DON and DOD reporting tools and applications

* Perform system audits to ensure alignment with ADD and approved baselines

To be considered for this position, you must meet the education and experience listed below:

* Over ten (10) years of experience developing and implementing system cybersecurity solutions

* BA/BS from a US Department of Education accredited college or university in Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, Computer Engineering, Mathematics field or Engineering field. Two (2) years of relevant experience may be substituted for one (1) year of formal education as follows:

* AA/AS plus an additional 4 years of experience (14 years total)

* High School diploma plus an additional 8 years of experience (18 total)

MINIMUM QUALIFICATIONS:

To be considered for this position, you must minimally meet the knowledge, skills, and abilities listed below:

* Experience with the Risk Management Framework (RMF), identifying and tailoring security control baselines with applicable overlays, developing and maintaining the Security Plan for RMF, leading security control implementation and testing, performing vulnerability risk assessments in accordance with RMF Process Guide, assisting with security testing as required for Authorization and Accreditation (A&A) or annual security reviews, assisting in mitigating and closing open vulnerabilities, and recording security control compliance for systems

* Experience managing system cybersecurity controls, status, and artifacts in eMASS application

* Experience in developing and managing configuration management (change configuration/release management) processes

* Experience with Atlassian Jira or similar issue and project tracking software. Experience with Atlassian Confluence or similar knowledge management software

* IAT II or III certification (e.g., Security+, CISSP, or equivalent)

* Excellent written and verbal communication skills

* US Citizenship is required due to US government contract requirements

PREFERRED QUALIFICATIONS:

Candidates with experience or knowledge in these desired skills will be given preferential consideration:

* Familiarity with CAS, NTIRA, CENTRIXS-M, and SECREL systems

* Experience with AWS GovCloud, cloud security, and DevSecOps integration

* Strong background in incident response, risk assessment, and security control implementation

* Experience working in Agile/Scrum environments

* Proficiency in network security, ITSM frameworks (ITIL, COBIT, or CMMI), and risk management methodologies

* ITIL v3 (or later) foundations certification

* Relevant AWS cloud certification(s), preferably AWS Certified Security - Specialty