IT Security Specialist

L2 Cyber Solutions (L2 Cyber) has a Federal contract with the National Oceanic and Atmospheric Administration (NOAA), Office of the Chief Information Officer.

As an IT Security Specialist, you will serve as the Information System Security Officer (ISSO) for NOAA’s Information Technology Center (ITC).  As the ISSO you will be responsible for ensuring the implementation of information security requirements. A successful candidate is a subject matter expert in all things related to securing multiple applications and operating environments. A successful candidate will also have comprehensive knowledge of Federal IT security regulatory requirements and standards.

Responsibilities include, but are not limited to

• Ensures security standards and best practices are appropriately integrated into development of cloud applications and deployments.
• Provide guidance to developers and other technical stakeholders on security topics, and educate members on their responsibility regarding the shared security model
• Document systems architecture, configuration & deployment plans with security aspects in mind
• Directly contribute to security documentation (System Security Plan (SSP), FIPS 199 Criticality Assessment, FIPS 200 Control Tailoring, Configuration Management Plan (CMP), System Contingency Plan (CP), Business Impact Assessment (BIA), Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), Plans of Action and Milestones (POA&M)) IAW customer directives (e.g. NIST, NOAA/DOC) throughout the information system's A&A lifecycle
• Support all Assessment & Authorization (A&A) activities
• Draft and maintain Acceptance of Risk(s) documentation, and perform routine vulnerability/risk assessment analysis
• Identify vulnerabilities, risks, and protection measures as it relates to information systems
• Update system-level policies and assist in developing procedures that meet Federal IT security requirements
• Assess new technologies and advise how to correctly implement security controls using those tools per NIST guidelines and cloud best practices
• Achieve Control compliance with supporting artifacts and conduct gap analysis of security controls
• Ensure IT systems have all security controls in place and functioning properly in accordance with NIST 800-53A publication
• Conduct and evaluate/analyze vulnerability results from the following set of tools to include but not limited to: NESSUS/TenableSecurity Center, CSAM, Arcsight, BigFix, and WebInspect
• Demonstrate understanding of the Federal Authority to Operate (ATO) process

Required Experience, Knowledge, Skills, and Abilities

• BS/BA in relevant field, or equivalent experience
• 5+ years of relevant experience
• Federal IT system cybersecurity experience
• CISSP, GIAC certifications, CISA, CISM, SEC+, or a similar certification
• Knowledge of TCP/IP networking, SMTP, HTTP, load-balancers and VPC’s
• Experience with centralizing, querying, and setting up alerts based off AWS CloudTrail, AWS Config, and VPC Flow Logs
• Familiar with enterprise cybersecurity architecture and its data collection points, as it relates to incident response and investigations (antivirus, firewalls, email gateways, DNS, web and content filtering proxies, logging infrastructure, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Event Information Management Systems (SEIMS), etc.)
• Experience with CSAM, Tenable Security Center, Nessus, etc.
• Ability to analyze and understand cyber threat actor capabilities and intentions, methodologies, methods, and motives
• Ability to perform threat vector risk assessments
• Ability to interact with other staff and senior Federal employees – technical and non-technical personnel
• Ability to manage multiple tasks in a fast-paced environment
• Possess a positive and self-motivating attitude
• Excellent written, verbal, and analytical skills
• Must have, or be able to, pass a US Government Background Investigation (this is a non-cleared position)
• Must be a U.S. citizen

Additional Information

• This is a fully remote position, you must be able to effectively work remotely with minimal direct supervision
• Client location is Silver Spring, MD (ET zone), preference given to applicants in the DMV or located in CO
• Travel may be required for key meetings/engagements (5-10%)

Benefits

• In compliance with Colorado’s Equal Pay for Equal Work Act, the salary range for this role in Colorado is $80,000 - $115,000
• Medical, vision, dental, life, and disability coverage
• 401(k) w/ matching contribution up to 3%
• Education/professional development assistance
• Competitive PTO w/ additional company paid Holidays
• Remote office technology assistance

About L2 Cyber Solutions

L2 Cyber Solutions is a Woman-Veteran owned small business that provides niche Cybersecurity Engineering & Consulting, Portfolio/Program/Project Management, Risk Management, and Assessment & Authorization services. We have been named a ColoradoBiz Top 100 Woman-Owned Company, and Top 250 Private Company - we recognize that these awards are made possible because of our employees.

At L2 Cyber Solutions, we make our employment decisions based on business needs, job requirements, and individual qualifications. We are an Equal Opportunity Employer, and encourage all qualified individuals to apply.