Information System Security Specialist II
About the role
We are seeking an experienced Information System Security Specialist II to support the security authorization, compliance, and continuous monitoring activities of mission-critical information systems.
Responsibilities
- Create, update, and maintain IA artifacts required to obtain and sustain favorable Authority to Operate (ATO) decisions.
- Apply the Risk Management Framework (RMF) to support system accreditation and continuous monitoring activities.
- Upload and maintain IA documentation and artifacts within eMASS.
- Track, apply, test, and report STIG compliance using STIG checklists and Security Content Automation Protocol (SCAP) tools.
- Document system management procedures, operating procedures, security concerns, and proposed solutions.
- Support security readiness reviews and prepare security checklists.
- Provide software support for patching and compliance scanning activities.
- Maintain software baselines to ensure IA compliance and perform monthly regressive compliance scanning, including ACAS scans and SCAP reporting.
- Maintain records of applied patches and update associated documentation with software version information.
- Anticipate and mitigate potential security risks affecting the software baseline.
- Monitor and analyze systems and networks to assess risk and recommend policy improvements.
- Clockwise hardware, software, and firmware changes with the ISSM and verify appropriate installation of security patches.
- Document security concerns and remediation activities through whitepapers and Plans of Action & Milestones (POA&M).
- Assist with Annual Security Reviews (ASRs) and Verification & Validation (V&V) activities.
- Develop detailed test procedures and security configuration documentation in support of security test events.
- Evaluate security controls, assess their impact on systems, and develop mitigation strategies where necessary.
Requirements
- 5 yrs experience supporting RMF-based ATO processes.
- Hands-on experience with eMASS, STIGs, SCAP, and ACAS.
- Knowledge of DoD cybersecurity policies, standards, and best practices.
- Experience with patch management, vulnerability scanning, and compliance reporting.
- Strong technical writing skills, including experience developing security documentation and POA&Ms.
- Ability to analyze security controls and recommend effective mitigation strategies.
- Strong communication and collaboration skills.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
Skills
- CompTIA Security Plus certification.
Benefits
TRISTAR is an SBA certified Service-Disabled Veteran-Owned professional services company supporting the U.S. Department of War programs. Our core competencies include Electronic Warfare, Enterprise Management, Full Spectrum Cybersecurity, Information Technology, Digital Transformation, Software Engineering and Development, Maritime Modernization and Engineering, and Technical Solutions.
TRISTAR was founded in March 1995 and has built an employee-focused collaborative environment which enables our team of professionals to create and deliver customized solutions to meet our customers’ mission critical challenges.
TRISTAR’s core capabilities support customers with end-to-end solutions. For over 30 years, TRISTAR has demonstrated and perfected our ability to successfully manage any task, small or large no matter how difficult or complex.
TRISTAR is proud to serve the Department of War and other Federal Agencies.
TRISTAR provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.