(590) Information Security Specialist III
Arlo Solutions · Silver Spring, MD · 10 mo ago
Information TechnologyFull-time
Responsibilities and/or Success Factors
- Lead the development and implementation of comprehensive information security policies, procedures, and protocols for insider threat detection and mitigation
- Design and establish security frameworks that integrate physical security, personnel security, cybersecurity, and information assurance functions
- Create and maintain security guidelines for handling classified national security information (CNSI) and controlled unclassified information (CUI)
- Conduct comprehensive risk assessments of NOAA's information systems, networks, and data repositories
- Analyze security vulnerabilities and develop mitigation strategies for identified risks
- Evaluate and assess compliance with federal security standards including FISMA, NIST frameworks, and DoD cybersecurity requirements
- Perform security impact assessments for new systems, applications, and processes
- Consolidate and analyze security data from multiple internal and external sources to identify potential insider threats
- Design and implement data integration systems that provide real-time monitoring and actionable insights to leadership
- Develop and maintain insider threat detection systems and behavioral monitoring capabilities
- Ensure ethical data collection and analysis practices that comply with privacy regulations and civil liberties requirements
- Collaborate with law enforcement agencies and external partners on complex security investigations
- Ensure compliance with federal security regulations including Executive Order 13587, NSPM-33, FISMA, and NIST standards
- Conduct regular security compliance audits and assessments
- Prepare detailed compliance reports and corrective action plans for identified gaps
- Maintain documentation for security authorization and accreditation processes
- Develop technical training materials and awareness programs focused on insider threat identification and mitigation
- Provide expert consultation on security best practices and threat scenarios
- Support the delivery of security training sessions for NOAA personnel, contractors, and uniformed services
- Create technical resources and job aids for security awareness initiatives
- Serve as technical liaison with internal NOAA teams including the Cybersecurity Division and Human Resources
- Communicate complex technical security concepts to non-technical stakeholders
- Provide expert technical guidance to program leadership and government officials
- Develop and maintain comprehensive security policies and standard operating procedures (SOPs)
- Create technical documentation for security systems, processes, and procedures
- Review and update security policies to ensure alignment with evolving threats and regulatory requirements
- Contribute to the development of security guidelines and best practice documentation
Minimum Qualifications Including Certificates
- Must be a U.S. Citizen
- Active Top Secret security clearance with SCI eligibility (required before contract start)
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related STEM field from an accredited college or university
- Five (5) years of experience in information security, cybersecurity, or related field
- Five (5) years of experience in insider threat detection, behavioral analysis, or risk management
- Experience with federal compliance frameworks including FISMA, NIST Cybersecurity Framework, and Risk Management Framework (RMF)
- Knowledge of classified information handling procedures and National Industrial Security Program Operating Manual (NISPOM) requirements
- Experience with security incident response and investigation methodologies
- Demonstrated experience with security data analysis and threat intelligence platforms
- Strong analytical and problem-solving skills with attention to detail
- Excellent written and verbal communication skills
Desired Qualifications
- Experience with NOAA or other federal agency cybersecurity programs
- Professional security certifications (CISSP, CISM, GIAC, or equivalent)
- Experience with behavioral analytics and insider threat detection tools
- Knowledge of NSPM-33 research security requirements
- Familiarity with NIST Special Publications (SP 800 series) and federal cybersecurity guidance
- Experience with Security Information and Event Management (SIEM) systems
- Knowledge of machine learning and artificial intelligence applications in cybersecurity
- Experience with cloud security frameworks and technologies
- Understanding of privacy protection principles and compliance requirements