Sr. Cyber Security Specialist

Overview

Join our dynamic ITility team and put your skills and passion to work! We are seeking a highly skilled Senior Cyber Security Specialist with a strong background in continuous Authority to Operate (ATO) processes, Risk Management Framework (RMF) 2.0 (Continuous Monitoring), DoD eMASS, with a CISSP certification. The ideal candidate will be responsible for ensuring the security and compliance of enterprise DoD IT environments and maintaining continuous ATOs for a government customer. This is a remote position with an expectation of occasional client site visits. You’ll be working on our prime contract supporting the USMEPCOM, a major command within the U.S. Department of Defense (DoD), responsible for screening and processing applicants into the U.S. Armed Forces. USMEPCOM operates 65 Military Entrance Processing Stations (MEPS) across the U.S., serving as the critical link between recruitment and training for the armed forces. At ITility, we help our customers command the future by thinking beyond perceived limits to create new, unexpected ways to protect and defend our nation. We inspire and empower people to create significant solutions that secure what matters to our customers and communities, here and around the globe. We Value:

• The Drive to Perform Beyond Perceived Limits.
• The Desire to Find Significance in All We Do.
• The Passion and Compassion That Powers Both.

Responsibilities

Key Responsibilities:

• Lead continuous ATO efforts, ensuring compliance with DoD, NIST, and federal cybersecurity frameworks.
• Implement risk management frameworks (RMF) 2.0, Continuous Monitoring, and conduct security control assessments.
• Expertly utilize DoD eMASS to perform cradle to grave actions for ATO package creations and submissions.
• Assess cloud-based applications, and infrastructure, with Application Security and Development STIG.
• Assess DISA STIGs and SRGs across a variety of applications and technologies in cloud environment.
• Support vulnerability assessments, internal and external security audits.
• Collaborate with IT, network, and security teams to enhance the organization's cybersecurity posture.
• Provide incident response support and mitigate security threats effectively.
• Application and system assessment, determination of accreditation requirements (e.g., Continuous Authorization to Operate (cATO)).
• Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II.
• Establishment of Security Requirements Traceability Matrix which identifies applicable DISA STIGs and SRGs.
• Selection of security controls per NIST SP 800-53 and CNSSI 1253.
• Writing System Security Plan (SSP), associated security controls assessment artifacts, and plan of actions and milestones (POA&Ms).
• Management of security controls assessment artifacts in eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes.
• Evaluation of security controls per NIST SP 800-53A.
• Implementation of continuous monitoring solutions per NIST SP 800-137.

Qualifications

Required Qualifications:

• 15 years of experience in RMF/ATOs, and 5 years of experience as a CCRI or SCA-V assessor to supplement.
• Experience developing guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cyber security-related activities and mandates.
• High-level experience with DoD IT security requirements
• CISSP (Certified Information Systems Security Professional) certification (or CISM, CISSP, CISSO, or GCSA) is required.
• Extensive experience in continuous ATO processes, including RMF, NIST 800-53, and DoD cybersecurity policies.
• Strong background in assessing custom cloud-based applications, utilizing Application Security and Development STIG.
• Strong background in DevSecOps, application security, cloud security, and/or network security.
• Proficiency in vulnerability management with ACAS/Tenable.SC or similar vulnerability scanning platform.
• Excellent communication skills with the ability to brief senior leadership and stakeholders.
• Experience personally drafting RMF products
• AWS Security Specialty certification (Highly Desired)
• RMF Certification or equivalent and detailed knowledge of NIST SP 800-53 (Highly desired)

ITility is an Equal Opportunity Employer ITility is committed to providing a work environment that is non-discriminatory, harassment free, fair, ethical and inclusive. ITility is committed to the principle of equal employment opportunity and complies with all applicable laws which prohibit discrimination and harassment in the workplace. ITility strictly prohibits discrimination or harassment based on race, color, religion, national origin, sex, age, disability or any other characteristic protected by law in all terms, conditions and privileges of employment, including without limitation, recruiting, hiring, assignment, compensation, promotion, discipline and termination. This policy covers conduct occurring at ITility’s offices, client sites, other locations where ITility is providing services, and to all work-related activities. Apply tot his job Apply To this Job