Information Security Compliance Specialist

Tactibit Technologies provides innovative information technology, cybersecurity, and cloud support services to the Federal Government. We support some of the nation's most critical and demanding projects including satellite operations, critical infrastructure, and search and rescue. We are a diverse team of hands-on professionals dedicated to solving problems and developing innovative solutions in support of our customers' critical missions. Our success is dependent on our inclusive, collaborative environment with a shared commitment to excellence in everything we do.

About the Information Security Compliance Specialist position

We are looking for a talented cybersecurity professional to join our team in Suitland, MD. You will provide information security support for NOAA's satellite operations missions. You will help develop and maintain effective security and risk management programs on complex government information systems. As an Information Security Compliance Specialist, you will be expected to document security control implementations, maintain a variety of security documents, and monitor the effectiveness of the overall security program.

We expect you to have a passion for cybersecurity and attention to detail. You should have a desire to work with satellite data and products for the public and government. Besides, you should be able to perform well working in a team, along with system administrators, engineers and scientists.

This position is located at a government facility in Suitland, MD. The position is eligible for a flexible work arrangement.

Information Security Compliance Specialist responsibilities are:

• Provide overall cybersecurity program support to the Information System Security Officer (ISSO) and System Owner (SO)
• Provide security documentation support including documenting the implementation details of security controls in System Security Plans
• Identify and recommend technical or policy changes to improve security
• Plan, coordinate, and review technical artifacts to demonstrate the effectiveness of security controls
• Support security control assessments, penetration tests, and similar testing efforts by coordinating with stakeholders, communicating project plans, and providing guidance to technical and non-technical staff
• Write and maintain core security documentation including System Security Plans and Contingency Plans
• Plan, manage, and oversee Plans of Actions and Milestone (POA&Ms)
• Coordinate security efforts and improvements with stakeholders including system administrators and operations teams
• Monitor and report on vulnerability management program effectiveness including vulnerability scanning and patch management
• Coordinate responses to data calls, audits, and other external requests
• Coordinate security assessment efforts including Security Controls Assessments (SCAs), penetration testing, and risk assessments
• Plan, manage, and coordinate annual system assessment and authorization activities, to include continuous monitoring

Information Security Compliance Specialist requirements are:

• 3+ years of cybersecurity experience
• Experience with Federal government environments and concepts including NIST Risk Management Framework, NIST SP 800-53 security controls, and DISA Security Technical Implementation Guides (STIGs)
• Strong problem solving skills and ability to work under pressure
• Strong written and verbal communication skills
• Ability to understand and explain complex security concepts and requirements to a variety of technical and non-technical personnel
• BS degree in Computer Science, Cybersecurity, or other related area
• Must be a US Citizen and eligible to obtain a security clearance

Desired Qualifications are:

• Experience with government security assessment and management tools such as CSAM
• Experience with the NIST Risk Management Framework
• Experience with issue tracking and configuration management systems and processes
• Industry certifications such as CISSP, GIAC certifications, Security+, and others
• Experience with vulnerability management tools including Tenable Nessus
• Experience with continuous monitoring and log management tools including ArcSight, BigFix, ePolicy Orchestrator, and similar tools
• Active Secret security clearance