Cybersecurity IT Specialist

The Cybersecurity IT Specialist is responsible for ensuring the security posture of organizational systems by implementing and maintaining Security Technical Implementation Guides (STIGs) and managing the lifecycle of all software to minimize vulnerabilities and ensure compliance. This role requires a strong understanding of security best practices, STIG guidelines, vulnerability management, and software lifecycle processes.

Essential Duties and Responsibilities:

STIG Implementation and Compliance:

• Implement and maintain STIGs across all applicable operating systems, applications, and hardware.
• Conduct regular STIG assessments and vulnerability scans to identify and remediate security gaps.
• Develop and maintain documentation related to STIG implementation and compliance efforts.
• Collaborate with system owners and administrators to ensure timely remediation of STIG findings.
• Stay up-to-date on the latest STIG releases and updates.

Software Lifecycle Management/EOL:

• Maintain an accurate inventory of all software deployed within the organization.
• Track software versions and identify end-of-life (EOL) software.
• Develop and implement plans for upgrading or replacing EOL software.
• Collaborate with stakeholders to prioritize software upgrades and minimize disruptions.
• Research and recommend alternative solutions for EOL software.

Vulnerability Management:

• Create and track ECRs (engineering change request)
• Regularly scan systems for vulnerabilities and security weaknesses.
• Analyze vulnerability scan results and prioritize remediation efforts.
• Coordinate with system owners to implement necessary patches and security updates.
• Track and report on vulnerability remediation progress.

Documentation and Reporting:

• Maintain accurate and up-to-date documentation of all security activities.
• Generate regular reports on STIG compliance, software lifecycle status, and vulnerability management efforts.

Qualifications:

• Bachelor's degree in Computer Science, Information Systems, or a related field, or equivalent experience.
• 3 years of experience in IT security or a related field.
• Strong understanding of security best practices and STIG guidelines.
• Experience with vulnerability scanning and remediation tools.
• Experience with software lifecycle management processes.
• Excellent problem-solving and analytical skills.
• Strong communication and interpersonal skills.
• Relevant certifications such as CompTIA Security , CISSP, or CISM are preferred.

Knowledge, Skills, and Abilities:

• Knowledge of various operating systems (Windows, Linux, macOS).
• Knowledge of networking concepts and protocols.
• Knowledge of ECR process
• Ability to complete STIG scans and quarterly checks
• Ability to work independently and as part of a team.
• Ability to prioritize and manage multiple tasks simultaneously.
• Ability to communicate technical information to both technical and non-technical audiences.