Cybersecurity Specialist
About the role
The role supports secure operations, compliance, risk management, and continuous monitoring for a mission-critical federal grants platform. It emphasizes federal security requirements, ATO support, POA&M management, incident response, security documentation, vulnerability coordination, and collaboration across technical, operational, and federal stakeholder teams.
Responsibilities
- Support cybersecurity, privacy, compliance, and risk management activities for Grants.gov application operations, application platform services, approved enhancements, transition activities, disaster recovery, and ongoing modernization coordination.
- Contribute to Authority to Operate activities, including security documentation updates, control evidence collection, assessment preparation, remediation tracking, and coordination with federal security stakeholders.
- Manage and support POA&M activities by tracking findings, coordinating remediation owners, documenting milestones, validating closure evidence, and communicating risk status to program and security leadership.
- Career Development
- Coordinate vulnerability management activities, including scan review, issue triage, remediation planning, exception tracking, patch coordination, and verification of resolved findings across application and platform teams.
- Support security monitoring, intrusion detection coordination, incident response, incident notification, incident reporting, root cause analysis, and recommendations to reduce recurrence.
- Career Development
- Coordinate with development, operations, cloud, database, network, and application platform teams to ensure security considerations are incorporated into releases, configuration changes, deployments, maintenance activities, and enhancements.
- Career Development
- Maintain and update security-related artifacts, including system security documentation, control implementation details, risk registers, incident reports, remediation plans, operating procedures, and compliance evidence.
- Career Development
- Support transition-in and transition-out activities by helping validate security documentation, accounts, certificates, licenses, support systems, inventories, controls, and operational security responsibilities.
- Career Development
- Prepare and communicate security status, risks, issues, remediation progress, incident impacts, control gaps, and compliance recommendations in formats appropriate for executive, federal, technical, and non-technical audiences.
Requirements
- Bachelor's degree.
- Additional four (4) years of experience needed in lieu of degree.
- Five (5) plus years of experience supporting cybersecurity, information assurance, compliance, risk management, or security operations for enterprise systems, federal IT programs, or mission-critical applications.
- Demonstrated experience supporting ATO activities, security documentation, control evidence collection, assessment preparation, continuous monitoring, POA&M management, or remediation tracking.
- Working knowledge of federal cybersecurity requirements and frameworks, including FISMA, NIST 800-53, FedRAMP, privacy requirements, security assessment processes, and risk management practices.
- Experience coordinating vulnerability management, patch remediation, security findings, exception requests, scan analysis, incident response, and compliance evidence across technical teams.
- Ability to coordinate effectively with federal security stakeholders, ISSOs, system owners, developers, testers, operations teams, cloud teams, database administrators, helpdesk partners, IV&V teams, and other contractors.
- Strong understanding of: Security control implementation, evidence collection, assessment readiness, and continuous monitoring; POA&M tracking, vulnerability remediation, risk acceptance, exception management, and closure validation; Incident response, incident notification, root cause analysis, security monitoring, and corrective action planning; Secure SDLC, DevSecOps practices, release coordination, configuration management, and change impact analysis; Security documentation, risk reporting, compliance dashboards, and stakeholder communications.
- Experience using security, compliance, and collaboration tools such as vulnerability scanners, ticketing systems, GRC platforms, Jira, Azure DevOps, Confluence, SharePoint, Microsoft Teams, or similar platforms.
- Excellent communication, analytical, documentation, coordination, and problem-solving skills with the ability to explain security risks and compliance needs to executive, federal, technical, and non-technical audiences.
- Must be able to obtain and maintain a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
Qualifications
- Additional four (4) years of experience needed in lieu of degree.
- Five (5) plus years of experience supporting cybersecurity, information assurance, compliance, risk management, or security operations for enterprise systems, federal IT programs, or mission-critical applications.
- Demonstrated experience supporting ATO activities, security documentation, control evidence collection, assessment preparation, continuous monitoring, POA&M management, or remediation tracking.
- Working knowledge of federal cybersecurity requirements and frameworks, including FISMA, NIST 800-53, FedRAMP, privacy requirements, security assessment processes, and risk management practices.
- Experience coordinating vulnerability management, patch remediation, security findings, exception requests, scan analysis, incident response, and compliance evidence across technical teams.
- Ability to coordinate effectively with federal security stakeholders, ISSOs, system owners, developers, testers, operations teams, cloud teams, database administrators, helpdesk partners, IV&V teams, and other contractors.
- Strong understanding of: Security control implementation, evidence collection, assessment readiness, and continuous monitoring; POA&M tracking, vulnerability remediation, risk acceptance, exception management, and closure validation; Incident response, incident notification, root cause analysis, security monitoring, and corrective action planning; Secure SDLC, DevSecOps practices, release coordination, configuration management, and change impact analysis; Security documentation, risk reporting, compliance dashboards, and stakeholder communications.
- Experience using security, compliance, and collaboration tools such as vulnerability scanners, ticketing systems, GRC platforms, Jira, Azure DevOps, Confluence, SharePoint, Microsoft Teams, or similar platforms.
- Excellent communication, analytical, documentation, coordination, and problem-solving skills with the ability to explain security risks and compliance needs to executive, federal, technical, and non-technical audiences.
- Must be able to obtain and maintain a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
Skills
- Security+, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent cybersecurity certification.
- Certified Authorization Professional (CAP), Certified in Governance, Risk and Compliance (CGRC), or equivalent federal compliance credential.
- AWS Security Specialty, AWS Solutions Architect, or equivalent cloud security certification.
- ITIL, SAFe, DevSecOps, or other relevant federal IT service delivery certification.
Benefits
The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
Pay
The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
Schedule
Travel up to 10%.
Qualifications
- Additional four (4) years of experience needed in lieu of degree.
- Five (5) plus years of experience supporting cybersecurity, information assurance, compliance, risk management, or security operations for enterprise systems, federal IT programs, or mission-critical applications.
- Demonstrated experience supporting ATO activities, security documentation, control evidence collection, assessment preparation, continuous monitoring, POA&M management, or remediation tracking.
- Working knowledge of federal cybersecurity requirements and frameworks, including FISMA, NIST 800-53, FedRAMP, privacy requirements, security assessment processes, and risk management practices.
- Experience coordinating vulnerability management, patch remediation, security findings, exception requests, scan analysis, incident response, and compliance evidence across technical teams.
- Ability to coordinate effectively with federal security stakeholders, ISSOs, system owners, developers, testers, operations teams, cloud teams, database administrators, helpdesk partners, IV&V teams, and other contractors.
- Strong understanding of: Security control implementation, evidence collection, assessment readiness, and continuous monitoring; POA&M tracking, vulnerability remediation, risk acceptance, exception management, and closure validation; Incident response, incident notification, root cause analysis, security monitoring, and corrective action planning; Secure SDLC, DevSecOps practices, release coordination, configuration management, and change impact analysis; Security documentation, risk reporting, compliance dashboards, and stakeholder communications.
- Experience using security, compliance, and collaboration tools such as vulnerability scanners, ticketing systems, GRC platforms, Jira, Azure DevOps, Confluence, SharePoint, Microsoft Teams, or similar platforms.
- Excellent communication, analytical, documentation, coordination, and problem-solving skills with the ability to explain security risks and compliance needs to executive, federal, technical, and non-technical audiences.
- Must be able to obtain and maintain a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.