Cybersecurity Specialist
Rockville, MD - USA
Job Summary
Job Family:
IT Cyber Security
Travel Required:
Clearance Required:
What You Will Do:
The ideal candidate is a detail-oriented cybersecurity professional who can support secure operations compliance risk management and continuous monitoring for a mission-critical federal grants platform. This role emphasizes federal security requirements ATO support POA&M management incident response security documentation vulnerability coordination and collaboration across technical operational and federal stakeholder teams.
As a Security Specialist you will support cybersecurity privacy compliance and risk management activities for application operations application platform services approved enhancements transition activities disaster recovery and ongoing modernization coordination. You will work closely with federal security stakeholders system owners ISSOs architects developers operations staff cloud teams database administrators testers IV&V partners helpdesk partners and program leadership to help ensure complies with applicable federal and agency IT security privacy and compliance regulations policies standards and requirements. You will contribute to secure operations through security documentation continuous monitoring vulnerability tracking POA&M coordination incident response support ATO activities and security oversight for a public-facing federal shared service.
Support implementation monitoring and documentation of federal cybersecurity privacy and compliance requirements for applications platform services chatbot capabilities integrations and related support systems.
Contribute to Authority to Operate activities including security documentation updates control evidence collection assessment preparation remediation tracking and coordination with federal security stakeholders.
Manage and support POA&M activities by tracking findings coordinating remediation owners documenting milestones validating closure evidence and communicating risk status to program and security leadership.
Coordinate vulnerability management activities including scan review issue triage remediation planning exception tracking patch coordination and verification of resolved findings across application and platform teams.
Support security monitoring intrusion detection coordination incident response incident notification incident reporting root cause analysis and recommendations to reduce recurrence.
Coordinate with development operations cloud database network and application platform teams to ensure security considerations are incorporated into releases configuration changes deployments maintenance activities and enhancements.
Review system changes technical designs operational procedures and documentation for security impacts compliance alignment and required updates to security artifacts.
Support disaster recovery continuity of operations backup recovery demonstrations and contingency planning activities from a security and compliance perspective.
Maintain and update security-related artifacts including system security documentation control implementation details risk registers incident reports remediation plans operating procedures and compliance evidence.
Support transition-in and transition-out activities by helping validate security documentation accounts certificates licenses support systems inventories controls and operational security responsibilities.
Prepare and communicate security status risks issues remediation progress incident impacts control gaps and compliance recommendations in formats appropriate for executive federal technical and non-technical audiences.
What You Will Need:
Bachelors degree . Additional Four(4) years of exp needed in lieu of degree.
5 years of experience supporting cybersecurity information assurance compliance risk management or security operations for enterprise systems federal IT programs or mission-critical applications.
Demonstrated experience supporting ATO activities security documentation control evidence collection assessment preparation continuous monitoring POA&M management or remediation tracking.
Working knowledge of federal cybersecurity requirements and frameworks including FISMA NIST 800-53 FedRAMP privacy requirements security assessment processes and risk management practices.
Experience coordinating vulnerability management patch remediation security findings exception requests scan analysis incident response and compliance evidence across technical teams.
Ability to coordinate effectively with federal security stakeholders ISSOs system owners developers testers operations teams cloud teams database administrators helpdesk partners IV&V teams and other contractors.
Strong understanding of:
Security control implementation evidence collection assessment readiness and continuous monitoring
POA&M tracking vulnerability remediation risk acceptance exception management and closure validation
Incident response incident notification root cause analysis security monitoring and corrective action planning
Secure SDLC DevSecOps practices release coordination configuration management and change impact analysis
Security documentation risk reporting compliance dashboards and stakeholder communications
Experience using security compliance and collaboration tools such as vulnerability scanners ticketing systems GRC platforms Jira Azure DevOps Confluence SharePoint Microsoft Teams or similar platforms.
Excellent communication analytical documentation coordination and problem-solving skills with the ability to explain security risks and compliance needs to executive federal technical and non-technical audiences.
Must be able to OBTAIN and MAINTAIN a Federal or DoD PUBLIC TRUST; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
What Would Be Nice To Have:
Experience supporting federal grants management systems shared service platforms or large public-facing government applications.
Experience with
Experience with HHS ACF CMS HRSA NIH or other federal grant-making agencies.
Knowledge of HHS Enterprise Performance Life Cycle (EPLC) federal IT governance ATO processes security assessment activities and compliance-driven delivery environments.
Experience with -like capabilities including public-facing web applications applicant submissions grantor user management S2S integrations forms processing chatbot support helpdesk escalations or system status communications.
Experience supporting cloud-hosted applications AWS environments application platform security certificate management account management logging monitoring backup validation or disaster recovery planning.
Experience supporting modernization consolidation transition-in or multi-vendor integration initiatives involving multiple applications and stakeholder organizations.
Relevant certifications or credentials such as:
Security Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) or equivalent cybersecurity certification
Certified Authorization Professional (CAP) Certified in Governance Risk and Compliance (CGRC) or equivalent federal compliance credential
AWS Security Specialty AWS Solutions Architect or equivalent cloud security certification
ITIL SAFe DevSecOps or other relevant federal IT service delivery certification
What We Offer:
Guidehouse offers a comprehensive total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
Medical Rx Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Parental Leave
401(k) Retirement Plan
Group Term Life and Travel Assistance
Voluntary Life and AD&D Insurance
Health Savings Account Health Care & Dependent Care Flexible Spending Accounts
Transit and Parking Commuter Benefits
Short-Term & Long-Term Disability
Tuition Reimbursement Personal Development Certifications & Learning Opportunities
Employee Referral Program
Corporate Sponsored Events & Community Outreach
annual membership
Employee Assistance Program
Supplemental Benefits via Corestream (Critical Care Hospital Indemnity Accident Insurance Legal Assistance and ID theft protection etc.)
Position may be eligible for a discretionary variable incentive bonus
About Guidehouse
Guidehouse is an Equal Opportunity EmployerProtected Veterans Individuals with Disabilities or any other basis protected by law ordinance or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities or to apply for a position and you require an accommodation please contact Guidehouse Recruiting at 1- or via email at . All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @ or . Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.
If any person or organization demands money related to a job opportunity with Guidehouse please report the matter to Guidehouses Ethics Hotline. If you want to check the validity of correspondence you have received please contact . Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicants dealings with unauthorized third parties.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.
Required Experience:
IC
About Company
Guidehouse is the only scaled advisory consultancy in the world to fully integrate commercial and public or government businesses within each of our industry segments because complex problems require both perspectives to address and outwit.