What are the responsibilities and job description for the Senior Cyber Security Specialist position at Evolver Federal?
Evolver Federal is seeking a Senior Cyber Security Specialist to join our team supporting our Federal Government client. This position requires on-site support for 1 day/week (Tuesdays or Thursdays) at our federal client's HQ located in Camp Springs, MD.
The successful candidate will assist the client with ensuring all aspects of the Risk Management/ Continuous Monitoring Program operates as intended and make process improvement recommendations to drive efficiencies within the organization. The individual will act as a liaison between various groups within the client organization including but not limited to the Security Control Assessment Team (SCA), Risk Management and Internal Controls (RMIC) Group, and System development & Maintenance Team as well as other groups within the Information Security Division.
May be asked to lead a team of up to 3 Security Analysts in coordinating workload, identifying dependencies, escalating risks, etc.
Responsibilities
- Perform quality assurance reviews of security documentation as needed to ensure content meets the intended requirements and is suitable to determine the security posture and associated risk of an IT system.
- Participate in process improvement initiatives to mature the client's internal business processes in areas including, but not limited to, vulnerability remediation, patch remediation efforts, STIG compliance, and standard OS images.
- Develop and maintain documentation relating to internal security processes and procedures, including related training materials.
- Identify, advise, and plan process improvement initiatives to facilitate the elevation of the organization's overall cybersecurity posture and process efficiencies.
- Advise and make recommendations for quantifying risk and incorporating forward looking risk assessment into the client's Risk Management Program.
- Monitor and review NIST guidance and DHS policies for changes, evaluate associated risk and impacts, make recommendations for changes to organization level guidance to ensure compliance and alignment.
- Plan, prioritize, and implement strategies for responding to policy changes.
- Provide subject matter expertise to high priority, time sensitive tasks including reviewing and commenting on risk analyses relating to FedRAMP and emerging technologies, conducting document reviews (internal and external to the agency) to ensure organizational policy aligns to proposed changes, and conduct reviews of incoming guidance and advise on impacts to the current Risk Management Program as well as in process strategic initiatives and process improvement initiatives.
- Develop CISO Memos and other governance documentation to promote and support the organization's Risk Management Program.
- Develop communication and implementation strategies for promoting new and updated policy guidance and procedures.
- Act as an intermediary with other organizational groups, Divisions, etc. to facilitate the client's mission including but not limited to the goals of the Risk Management Program.
- Participate in strategic initiatives and process improvement initiatives to mature the client's internal business processes in areas including, but not limited to, Zero Trust, vulnerability remediation, patch remediation efforts, STIG compliance, and standard Operating System images.
- Develop briefings and presentations for Government PM and Executive Management.
- Perform other duties as assigned by the Government.
- Meet with SMEs in order to ensure that specialized topics are appropriately addressed and discussed
Basic Qualifications
- Bachelor's Degree
- 5 years of experience specific to evaluating IT systems using NIST SP 800-53 in the federal government.
- 2 years of experience using one or more of the following tools: tenable.io, Nexus IQ Server, Splunk Enterprise v 7.3 and higher, DoJ CSAM, JIRA/ Confluence, CloudCheckr, PrismaCloud
- 2 years of experience as an IT Project Manager and/or possess the necessary IT background to accurately assess system changes and categorize them as a major versus minor change.
- 1 year of previous client-engagement experience.
- Must be a US Citizen with suitable eligibility for Public Trust position.
Preferred Qualifications
- Previous experience supporting Department of Homeland Security federal clients preferred
- Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
- Possess strong analytical and critical thinking skills with the ability to apply them to the client/ contract workspace.
- Working knowledge of the NIST SP 800-37 Risk Management Framework.
- In depth knowledge of the NIST SP 800-53 and direct experience applying the NIST SP 800-53 to document and evaluate IT system compliance with specified control requirements.
- Demonstrates the ability to assess overall risk to an IT system and the data it stores, processes, or transmits, based on the type of IT system changes being implemented.
- Ability to work independently and possesses a solid understanding of cyber security concepts.
- Ability to communicate clearly and effectively via written and verbal communication in both formal and informal situations.
- Ability to clearly communicate complex technical concepts to Information Technology Project Managers, Database Administrators, Application Developers, and Security Compliance Analysts, as well as non-technical POCs such as Branch Chiefs and Business System Owners.
- Ability to adapt to frequent changes in priorities, follow project schedules, meet established deadlines, and proactively communicate risks and issues to the Contractor PM and/or Federal Leads.
- Ability to adapt to an Agile environment and provide quality, professional deliverables in a short timeframe with little to no guidance from the Government.
- Ability to work independently and effectively in a dynamic and fast-paced environment.
- Determine the clearest and most logical way to present information and instructions for greatest reader comprehension and write and edit technical information accordingly.
- Possess good listening skills and the ability to detect explicit and implicit needs and wants of the client.
Evolver Federal is an equal opportunity employer and welcomes all job seekers. It is the policy of Evolver Federal not to discriminate based on race, color, ancestry, religion, gender, age, national origin, gender identity or expression, sexual orientation, genetic factors, pregnancy, physical or mental disability, military/veteran status, or any other factor protected by law.