
Senior Information System Security Specialist

Cherokee Federal
401(k)
United States, D.C., Washington
Apr 21, 2026

Senior Information System Security Specialist / Analyst

This position requires an active Public Trust clearance.

As a Senior Information System Security Specialist / Analyst supporting the Department of Transportation (DoT), you will be responsible for developing and maintaining Information System core and privacy documentation while supporting cybersecurity operations across the System Development Life Cycle (SDLC). This role combines ATO documentation, RMF compliance, and hands-on cybersecurity analysis to ensure systems meet federal security requirements and maintain a strong security posture. You will collaborate with system owners, developers, and cross-functional teams to implement secure solutions that support mission objectives.

Compensation & Benefits:
Estimated Starting Salary Range for Senior Information System Security Specialist / Analyst: $140,000 to $155,000.
Pay is commensurate with experience.
Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided. Benefits are subject to change with or without notice.

Senior Information System Security Specialist / Analyst Responsibilities Include:

* Provide support to the continuous monitoring process, assessing and evaluating Information Systems (hardware and software) to detect vulnerabilities and identify security weaknesses, including those inherited from FedRAMP cloud service providers and networked environments

* Track, analyze, and remediate vulnerabilities identified through Continuous Diagnostic and Mitigation (CDM) tools and other security platforms, ensuring corrective actions are implemented to improve system security posture

* Provide cybersecurity expertise across the System Development Life Cycle (SDLC), supporting Agile, DevSecOps, and traditional development models, including Security Assessment and Authorization (SA&A) and Information System Continuous Monitoring (ISCM)

* Develop and maintain ATO documentation including System Security Plans (SSP), Privacy Impact Assessments (PIA), Privacy Threshold Analyses (PTA), System of Records Notices (SORN), and supporting artifacts

* Assist system owners, information owners, and ISSMs in managing Plans of Action and Milestones (POA&Ms), including identifying gaps, developing remediation strategies, and tracking progress

* Conduct quality assurance reviews of POA&Ms to ensure accuracy, completeness, and cost-effective remediation strategies

* Perform vulnerability scanning and security assessments across Linux, Windows, and cloud environments using tools such as Nessus, BigFix, Splunk, and similar platforms

* Maintain and update system information in Cyber Security Assessment and Management (CSAM/JCAM) or equivalent systems

* Support contingency planning activities, including Business Impact Analysis (BIA), testing, and documentation in accordance with NIST SP 800-34

* Provide support for audit readiness by preparing documentation and assisting with responses to internal and external audits

* Collaborate with system owners, business stakeholders, and IT operations teams to gather information, resolve issues, and ensure compliance with federal cybersecurity requirements

* Support system inventory management, interconnections, and security documentation aligned with NIST standards

* Perform other job-related duties as assigned

Senior Information System Security Specialist / Analyst Experience, Education, Skills, Abilities requested:

* Bachelor's degree in information systems, cybersecurity, or related field
* Without a bachelor's degree, at least 10 years of related experience required
* Minimum of 8 years of information systems and network security experience
* Minimum of 5-6 years of experience supporting federal government customers, including development and maintenance of ATO packages
* Strong understanding of Federal Information Security Modernization Act (FISMA) requirements and reporting
* Strong knowledge of NIST Risk Management Framework (RMF), including NIST SP 800-37, 800-53, 800-18, and related standards
* Experience with FedRAMP and cloud security environments
* Experience performing vulnerability scanning, assessment, and remediation across enterprise systems
* Background in network security or system administration
* Experience assisting system owners with mitigation and remediation activities through POA&M management
* Experience with enterprise security architecture methodologies, tools, and best practices
* Knowledge of contingency planning, backup and recovery, and system resilience practices
* Ability to analyze security risks and provide actionable recommendations to improve system security posture
* Must be comfortable working with system owners and IT operations teams to gather and validate information
* Strong written and verbal communication skills

Technical Skills

* RMF, ATO, SSP, POA&M, PIA/PTA/SORN documentation
* CSAM / JCAM or equivalent authorization platforms
* Vulnerability management tools (Nessus, BigFix, Splunk, Invicti, etc.)
* Cloud security (AWS/Azure, FedRAMP)
* Linux, Windows, and network security fundamentals
* DevSecOps and SDLC security integration
* Identity and Access Management (IAM/ICAM)

Certifications:

* Minimum of a Certified Information Systems Security Professional (CISSP) or ability to obtain within 6 months
* Highly Desired: Certified Information Privacy Professional (CIPP)
* Certified Cloud Security Professional (CCSK) or other cloud certifications preferred
* Additional certifications such as PMP, ITIL, CRISC, or CASP are a plus
* Must pass pre-employment qualifications of Cherokee Federal

Company Information:
Criterion is a part of Cherokee Federal - the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government's mission with compassion and heart. To learn more about Criterion, visit cherokee-federal.com.


Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Similar searchable job titles:
* IT Systems Analyst
* Systems Security Engineer
* Systems Support Specialist

Keywords:
* Information Systems
* Cybersecurity Specialist
* System Security
* Performance Optimization
* User Support

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request. Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.
