Proficient in multiple operating systems (Windows, Linux, etc.)
Experience in cloud security (AWS, Azure)
Responsibilities
Ensure compliance with cybersecurity regulations and standards
Maintain and update security documentation and plans
Coordinate security assessments and audits
Conduct risk assessments and recommend mitigations
Oversee system authorization activities according to RMF
Monitor security posture and incident response efforts
Collaborate with ISSEs and program managers on security integration
Train users on security awareness and practices
Benefits
100% company-paid medical, dental, and vision premiums
401(k) with 8% total company contribution
Up to 20 days of flexible paid time off
Flexible work schedules available
Employee referral bonuses up to $10,000
Short-term and long-term disability coverage paid in full by the company
Life insurance coverage up to $200,000
Full Job Description
Requisition ID: 2959
Standard Title:
Required Security Clearance: Top Secret/SCI with Full Scope Polygraph
Location: Annapolis Junction, MD
Work Type: On-Site
Shift: First
Referral Eligibility: Eligible
U.S. Citizenship Required? Yes
Job Description:
Responsibilities:
Ensures system compliance with federal, DoD, and IC cybersecurity regulations and standards, including NIST, ICD 503, CNSS, and RMF.
Maintains and updates security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), Plan of Action and Milestones (POA&Ms), and Continuous Monitoring Plans.
Coordinates and supports security assessments, audits, and inspections by internal and external stakeholders.
Conducts risk assessments and vulnerability analysis, providing recommendations for mitigating identified risks.
Facilitates and oversees system authorization activities in accordance with the Risk Management Framework (RMF) process.
Monitors and reports on system security posture, incident response, and remediation efforts.
Collaborates with Information Systems Security Engineers (ISSEs), system administrators, and program managers to integrate security requirements into system lifecycle.
Provides security awareness training to system users and enforces proper security practices.
Acts as a liaison between the organization and government customers, ensuring timely communication of security updates and issues.
Experience with some or all of the following:
Security frameworks and policies: NIST SP 800-53, RMF, ICD 503, CNSS, DoD STIGs, FISMA, FedRAMP