• Support Assessment and Authorization activities required to validate and maintain RMF compliance for project infrastructure, systems, and services.
• Assist in defining cybersecurity and application security requirements for project initiatives.
• Support the design, structuring, and testing of security components and control implementations.
• Identify, analyze, and report security impacts using COTS vulnerability scanning tools and static and dynamic code scanning tools.
• Assist with vulnerability management activities, including findings review, documentation, reporting, and remediation tracking.
• Prepare management-level communications, status reporting, and cybersecurity metrics.
• Support security assessments of applications and infrastructure against RMF controls and development security requirements.
• Document compliance evidence, assessment results, and remediation activities to support ongoing authorization and continuous monitoring.
• Collaborate with technical teams, security stakeholders, and program leadership to address security gaps and strengthen compliance posture.
• Maintain focus and effectiveness in a high-intensity environment, including support for rotating 12-hour shifts with 4 days on and 3 days off, as required.
Required Qualifications
• Bachelor’s degree in cybersecurity, information technology, computer science, or a related field.
***Active Secret Clearance Required***
• 3 to 5 years of relevant cybersecurity experience.
• Experience supporting RMF and Assessment and Authorization processes.
• Knowledge of RMF controls and their applicability to application security.
• Experience supporting security requirements definition, control implementation, and testing activities.
• Experience identifying, analyzing, and reporting vulnerabilities and security impacts.
• Familiarity with COTS vulnerability scanning tools and static and dynamic code scanning tools.
• Ability to communicate technical issues, risks, and metrics effectively to management audiences.
• Working knowledge of vulnerability management and reporting processes.
• Understanding of application security and development security requirements.
• Familiarity with OWASP Top 10 and common web application security risks.
• Ability to work effectively in a fast-paced operational environment and adapt to changing priorities.
• Ability to work a rotating 12-hour shift schedule with 4 days on and 3 days off, when required.
Preferred Qualifications
• CompTIA Security+ certification.
• DoD 8140-compliant certification at the intermediate or advanced level.
• Experience in cloud cyber defense.
• Experience supporting application security in infrastructure and service environments.
• Strong analytical, documentation, and reporting skills.
• Ability to prepare concise executive-ready status updates and performance metrics.
• Demonstrated adaptability and effectiveness during high-intensity operational periods.
Job Specific Skills
• Risk Management Framework (RMF) controls and application security - Advanced
• Cyber Security Management - Advanced
• Cloud Cyber Defense - Intermediate
• Code scanning tools - Intermediate
• Vulnerability Management and Reporting - Intermediate
• OWASP Top 10 - Intermediate
• Application Security and Development Security Requirements - Intermediate
• Adaptability and operational resilience in rotating shift environments - Intermediate