ClearanceJobs
Senior Information Security Specialist
We are seeking a highly qualified and experienced Senior Information Security Specialist with 10+ years of experience that will support the establishment, implementation, and maintenance of a life-cycle security model. The Senior Specialist will assess information systems to ensure that the management, operational, personnel, and technical controls are functioning effectively during all phases of the system lifecycle. The Senior Specialist will focus on identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with information systems; information system compliance with government standards and industry best practices, including NIST, OWASP, Common Criteria, DISA and SANS Institute. The Senior Specialist will take an important role in collaborating and providing security management, practices and federal policy expertise in the Agile development environments. The Senior Specialist will be a leader responsible for coordinating with the contract team security personnel, especially the ISSO and also to the numerous system owners to ensure their products are operated and maintained in accordance with government policies and practices. Key Responsibilities: Lead or serve as Senior Subject Matter Expert (SME) within SAFe-aligned project environments Empower, guide security teams to perform at peak operational levels as Team Lead Ensure system and data protection are mission-critical, business aligned Collaborate with stakeholders to evaluate and mitigate technical and operational cybersecurity risks Apply 800-53 controls to assess, improve, and document system security posture Validate controls throughout the system lifecycle, supporting ISSOs where needed Support selection and implementation of controls and industry best practices Lead FISMA compliance efforts, take part in contingency planning/incident response exercises, real event remediation and reporting Safeguard IT assets from malware and unauthorized activities via prevention and detection protocols Review change requests, utilize change management tools to assess impact Oversee documentation, POA&Ms, and continuous improvement of IA posture with cross-functional teams Monitor system activity and audit logs using tools such as Splunk to detect and respond to anomalies Utilize intrusion detection tools to validate integrity and critical file configurations Conduct assessments, execute vulnerability remediation through periodic scans Manage and troubleshoot system access controls and permissions across diverse user groups Ensure privileged user access is managed and mandatory training is completed Install and maintain timely updates of critical patches and security hotfixes Demonstrate working knowledge of SSPs, including updating user guides and governance artifacts If assigned, serve as Registration Authority (RA) for designated platforms to manage digital credentials Promote cybersecurity awareness by leading or participating in training activities Technical Experience or Knowledge: Minimum of 10+ years of security experience as an Senior Information Security Specialist equivalent position Previous hands-on technical experience in networking, system administration and development; and utilizing Splunk for audit log review and system alerting. Demonstrate experience with the following tools: JCAM (Joint Cybersecurity Authorization Management), Telos Xacta, GitLab, Atlassian JIRA and Confluence, Microsoft SharePoint, BigFix, Tenable Security Center Education/Certifications/Skills: Associates degree or Bachelor's in Systems Security, Cybersecurity, Computer Science, Information Technology, or related field Highly recommended in CompTIA Security+ or equivalent certification Preferred certifications in the following to include one or all of the following: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CompTIA Cloud+ Agile Certifications, preferred Strong knowledge of SAFe/Agile methodologies, software development life cycles, and modern project management tools and techniques like Continuous Integration and Continuous Deployment (CI/CD) practices Strong problem-solving skills, with the ability to troubleshoot complex issues Excellent communication, negotiation, and stakeholder management skills
We are seeking a highly qualified and experienced Senior Information Security Specialist with 10+ years of experience that will support the establishment, implementation, and maintenance of a life-cycle security model. The Senior Specialist will assess information systems to ensure that the management, operational, personnel, and technical controls are functioning effectively during all phases of the system lifecycle. The Senior Specialist will focus on identifying and evaluating technical and operational security risks, threats, weaknesses, and vulnerabilities associated with information systems; information system compliance with government standards and industry best practices, including NIST, OWASP, Common Criteria, DISA and SANS Institute. The Senior Specialist will take an important role in collaborating and providing security management, practices and federal policy expertise in the Agile development environments. The Senior Specialist will be a leader responsible for coordinating with the contract team security personnel, especially the ISSO and also to the numerous system owners to ensure their products are operated and maintained in accordance with government policies and practices. Key Responsibilities: Lead or serve as Senior Subject Matter Expert (SME) within SAFe-aligned project environments Empower, guide security teams to perform at peak operational levels as Team Lead Ensure system and data protection are mission-critical, business aligned Collaborate with stakeholders to evaluate and mitigate technical and operational cybersecurity risks Apply 800-53 controls to assess, improve, and document system security posture Validate controls throughout the system lifecycle, supporting ISSOs where needed Support selection and implementation of controls and industry best practices Lead FISMA compliance efforts, take part in contingency planning/incident response exercises, real event remediation and reporting Safeguard IT assets from malware and unauthorized activities via prevention and detection protocols Review change requests, utilize change management tools to assess impact Oversee documentation, POA&Ms, and continuous improvement of IA posture with cross-functional teams Monitor system activity and audit logs using tools such as Splunk to detect and respond to anomalies Utilize intrusion detection tools to validate integrity and critical file configurations Conduct assessments, execute vulnerability remediation through periodic scans Manage and troubleshoot system access controls and permissions across diverse user groups Ensure privileged user access is managed and mandatory training is completed Install and maintain timely updates of critical patches and security hotfixes Demonstrate working knowledge of SSPs, including updating user guides and governance artifacts If assigned, serve as Registration Authority (RA) for designated platforms to manage digital credentials Promote cybersecurity awareness by leading or participating in training activities Technical Experience or Knowledge: Minimum of 10+ years of security experience as an Senior Information Security Specialist equivalent position Previous hands-on technical experience in networking, system administration and development; and utilizing Splunk for audit log review and system alerting. Demonstrate experience with the following tools: JCAM (Joint Cybersecurity Authorization Management), Telos Xacta, GitLab, Atlassian JIRA and Confluence, Microsoft SharePoint, BigFix, Tenable Security Center Education/Certifications/Skills: Associates degree or Bachelor's in Systems Security, Cybersecurity, Computer Science, Information Technology, or related field Highly recommended in CompTIA Security+ or equivalent certification Preferred certifications in the following to include one or all of the following: Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), AWS Certified Security Specialty, Microsoft Certified: Azure Security Engineer Associate, Google Professional Cloud Security Engineer, CompTIA Cloud+ Agile Certifications, preferred Strong knowledge of SAFe/Agile methodologies, software development life cycles, and modern project management tools and techniques like Continuous Integration and Continuous Deployment (CI/CD) practices Strong problem-solving skills, with the ability to troubleshoot complex issues Excellent communication, negotiation, and stakeholder management skills