IT Security Specialist II - Information Security Officer

Position Overview:
We are seeking a highly skilled Information Assurance (IA) professional to support the Department of Homeland Security (DHS) Science & Technology (S&T) Office of the Chief Information Officer (OCIO) and Chief Information Security Officer (CISO). This role is responsible for executing IA and FISMA compliance activities across a portfolio of approximately 20–40 systems and 2,000–4,000 endpoints.

The ideal candidate will have strong experience in Risk Management Framework (RMF) processes, security assessments, continuous monitoring, and Information System Security Officer (ISSO) support throughout the system lifecycle.

Key Responsibilities:
Execute NIST Risk Management Framework (RMF) processes in alignment with NIST SP 800-37, 800-53, and 800-30
Develop and support Assessment & Authorization (A&A) artifacts, including Security Assessment Plans (SAP), Security Assessment Reports (SAR), and Authorization to Operate (ATO) packages
Conduct vulnerability assessments, penetration testing, and system configuration reviews
Manage Plans of Action and Milestones (POA&Ms), continuous monitoring activities, and compliance reporting in accordance with Federal Information Security Modernization Act (FISMA) and DHS 4300A requirements
Provide direct support to ISSOs in developing security documentation, preparing for audits, and maintaining system authorization packages
Analyze system security risks and provide actionable mitigation recommendations to system owners and stakeholders
Perform security tool analysis and log reviews using tools such as Splunk, Tenable Nessus, and Continuous Diagnostics and Mitigation (CDM) tools
Support incident response efforts, vulnerability remediation activities, and audit readiness initiatives

Required Qualifications:
Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field
5+ years of experience in Information Assurance, cybersecurity, or RMF-based security compliance
Strong knowledge of NIST standards and federal security frameworks
Experience supporting A&A processes and maintaining ATO packages
Hands-on experience with vulnerability scanning, security assessment tools, and log analysis platforms
Familiarity with DHS security policies (e.g., DHS 4300A) and FISMA compliance requirements

Preferred Qualifications:
Experience supporting federal agencies, particularly DHS environments
Relevant certifications such as CISSP, CISM, or Security+
Experience with SIEM platforms and endpoint security tools
Strong analytical, communication, and documentation skills