Synergy
Sr. Information Assurance Security Specialist
Synergy, Reston, Virginia, United States, 22090
Synergy Business Innovation & Solutions is a premier implementer of cutting-edge software solutions. Synergy brings the experience and expertise necessary to deliver capability that provides tangible ROI to our customers. Synergy's core areas of expertise are in the fields of Digital Transformation, Cloud Solutions, SaaS and Low-Code/No-Code solutions, Emerging Technologies, Data analytics and Visualization, Information Assurance, and Business Process Re-Engineering.
Synergy offers its employees a generous portfolio of core and voluntary benefits including: group medical, dental, and vision insurance, company paid life, short-term, and long-term disability insurance; HSA, FSA; 401(k) with immediately vested company match; PTO/Sick Leave, 11 paid federal holidays, parental leave; tuition and training reimbursement; a referral bonus program; and life management programs.
At Synergy, you'll be challenged and given the opportunity to grow in your career path. In fact, growth is such a big deal to us that you will have dedicated career coaches available for every employee, company-funded certification opportunities, education reimbursement, and a general open-door policy so that you have support when you need it. Our team is eager to learn, fast-paced, and quality-driven-if that sounds like you, Synergy has a position for you!
Position Summary:
Synergy is seeking a
Sr. Information Assurance Security Specialist
to support the United States Coast Guard (USCG) at the Aviation Logistics Center (ALC)-Information Systems Division (ISD). The Sr. Information Assurance Security Specialist will focus on maintaining system authorization through RMF execution, vulnerability management, risk assessments, and compliance assurance aligned with DHS 4300A, FISMA, and NIST 800-53 guidelines. The ideal candidate will serve as a technical subject matter expert in cybersecurity assurance, supporting the ongoing protection and accreditation of enterprise systems through ATO sustainment, audit preparation, and continuous control validation. Primary Responsibilities:
Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization. Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation. Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts. Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment. Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats. Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps. Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment. Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures. Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance. Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments. All other duties as assigned by management. Skills/Qualifications:
In-depth knowledge of NIST SP 800-53, RMF, DHS 4300A, and federal compliance frameworks. Hands-on experience with SIEM tools, log analysis, and vulnerability scanning platforms (e.g., Tenable, Splunk, McAfee ePO). Strong understanding of network and host-based security controls, including firewall management, IDS/IPS, and encryption standards. Proficiency with Windows, UNIX, RHEL, and relational database security configurations. Ability to manage security documentation and audit evidence repositories such as eMASS, Jira, or SharePoint. Excellent communication and documentation skills for preparing executive summaries, security findings, and technical reports. Education/Experience Requirements:
Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education. Minimum of five (5) years of experience with vulnerability scanning tools and security assessment methodologies. Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS). Minimum of five (5) years of experience with Security Information and Event Management (SIEM). Minimum of five (5) years of experience in the risk management framework. Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, & Relational Databases. Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred. Clearance:
U.S. citizenship required Must have an active DoD Secret Clearance. Certifications:
CompTIA Security + Preferred. Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus. Compensation for roles at Synergy varies depending on a wide variety of factors including but not limited to the requirements of the role; education and certifications; knowledge, training, skills and abilities; level of experience; geographic location; and alignment with market data, law, and other business and organizational needs. As required by local law, the posted pay range represents the lowest to the highest pay that Synergy believes in good faith it might pay for this particular job, depending on the circumstances. A reasonable estimate of the current pay range is: $66,750.00 - $133,500.00. Synergy is an equal opportunity employer, and does not discriminate against applicants for employment or its employees on the basis of age, race, creed, color, religion, religious creed, ancestry, national origin, ethnic origin, sexual orientation, gender identity or expression, military or veteran status, sex, medical condition, pregnancy, physical or mental disability, personal appearance, organ donation and hair length associated with race, genetic information or characteristics, family responsibilities, familial status, marital status, citizenship or immigration status, status as a victim of domestic violence, a sexual offense, or stalking, political affiliation, arrest records and criminal convictions, credit information, matriculation, homeless status, or any other characteristic protected by federal, state and local law.
#J-18808-Ljbffr
Synergy is seeking a
Sr. Information Assurance Security Specialist
to support the United States Coast Guard (USCG) at the Aviation Logistics Center (ALC)-Information Systems Division (ISD). The Sr. Information Assurance Security Specialist will focus on maintaining system authorization through RMF execution, vulnerability management, risk assessments, and compliance assurance aligned with DHS 4300A, FISMA, and NIST 800-53 guidelines. The ideal candidate will serve as a technical subject matter expert in cybersecurity assurance, supporting the ongoing protection and accreditation of enterprise systems through ATO sustainment, audit preparation, and continuous control validation. Primary Responsibilities:
Execute and support the Risk Management Framework (RMF) lifecycle including system categorization, control selection, implementation, assessment, and authorization. Develop, maintain, and validate System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, Contingency Plans (CPs), and related compliance documentation. Conduct and lead vulnerability assessments, leveraging tools such as Nessus, ACAS, and Fortify to identify and prioritize remediation efforts. Perform continuous monitoring of security controls and produce metrics, dashboards, and evidence in support of ATO renewals and sustainment. Analyze and respond to security incidents, working with SOC personnel and SIEM tools to evaluate logs, investigate events, and contain potential threats. Conduct internal audits and risk assessments to validate the effectiveness of implemented controls and identify compliance gaps. Provide security guidance to engineering and development teams, ensuring adherence to cybersecurity standards in a DevSecOps environment. Stay informed of evolving threats, vulnerabilities, and regulatory changes to proactively enhance security postures. Coordinate with Security Control Assessors (SCAs), ISSOs, system owners, and federal stakeholders on audit readiness and policy compliance. Draft and enforce cybersecurity policies, SOPs, and standards that support mission-critical systems across hybrid environments. All other duties as assigned by management. Skills/Qualifications:
In-depth knowledge of NIST SP 800-53, RMF, DHS 4300A, and federal compliance frameworks. Hands-on experience with SIEM tools, log analysis, and vulnerability scanning platforms (e.g., Tenable, Splunk, McAfee ePO). Strong understanding of network and host-based security controls, including firewall management, IDS/IPS, and encryption standards. Proficiency with Windows, UNIX, RHEL, and relational database security configurations. Ability to manage security documentation and audit evidence repositories such as eMASS, Jira, or SharePoint. Excellent communication and documentation skills for preparing executive summaries, security findings, and technical reports. Education/Experience Requirements:
Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Five (5) years of directly relevant experience may substitute for two (2) years of formal education. Minimum of five (5) years of experience with vulnerability scanning tools and security assessment methodologies. Minimum of five (5) years of experience with network security, firewall management, intrusion detection/prevention systems (IDS/IPS). Minimum of five (5) years of experience with Security Information and Event Management (SIEM). Minimum of five (5) years of experience in the risk management framework. Basic knowledge of the following: Active Directory, UNIX, RHEL, Windows, & Relational Databases. Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred. Clearance:
U.S. citizenship required Must have an active DoD Secret Clearance. Certifications:
CompTIA Security + Preferred. Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus. Compensation for roles at Synergy varies depending on a wide variety of factors including but not limited to the requirements of the role; education and certifications; knowledge, training, skills and abilities; level of experience; geographic location; and alignment with market data, law, and other business and organizational needs. As required by local law, the posted pay range represents the lowest to the highest pay that Synergy believes in good faith it might pay for this particular job, depending on the circumstances. A reasonable estimate of the current pay range is: $66,750.00 - $133,500.00. Synergy is an equal opportunity employer, and does not discriminate against applicants for employment or its employees on the basis of age, race, creed, color, religion, religious creed, ancestry, national origin, ethnic origin, sexual orientation, gender identity or expression, military or veteran status, sex, medical condition, pregnancy, physical or mental disability, personal appearance, organ donation and hair length associated with race, genetic information or characteristics, family responsibilities, familial status, marital status, citizenship or immigration status, status as a victim of domestic violence, a sexual offense, or stalking, political affiliation, arrest records and criminal convictions, credit information, matriculation, homeless status, or any other characteristic protected by federal, state and local law.
#J-18808-Ljbffr