Security Configuration Management Lead

Security Configuration Management Lead

Please Note:  This position is pending a contract award.  If you are interested in a future with Cherokee Federal, APPLY TODAY!  Although this is not an approved position, we are accepting applications for this future and anticipated need.

This position requires an active Public Trust clearance or the ability to obtain a  Public Trust clearance to be considered. 

Cherokee Nation System Solutions, LLC is seeking an experienced Security Configuration Management Lead to manage and optimize security configuration management (SCM) processes at the U.S. National Science Foundation (NSF). This role involves coordinating across teams to ensure NSF systems remain secure, compliant with federal regulations, and aligned with cybersecurity best practices. This position will report to the Cybersecurity Oversight and Compliance Team Lead.

The ideal candidate will have a strong background in IT security, configuration management, and federal environments, with expertise in customizing Security Technical Implementation Guides (STIGs) and Center for Internet Security (CIS) benchmarks using NASL (Nessus Attack Scripting Language) for integration with Tenable.sc and Nessus.

Compensation & Benefits:

Estimated Starting Salary Range for Security Configuration Management Lead: [Enter$] 

Pay commensurate with experience.

Full time benefits include Medical, Dental, Vision, 401K, and other possible benefits as provided.  Benefits are subject to change with or without notice.

Security Configuration Management Lead Responsibilities Include: 

• Project Management: Lead SCM projects from initiation to completion, ensuring compliance with federal standards and alignment with NSF's organizational goals.
• Collaboration: Work with Infrastructure Services, Vulnerability Management, Incident Response, and Cybersecurity Oversight and Compliance teams to establish and maintain secure configurations for all IT assets and systems.
• Security Configuration Standards: Develop and maintain security configuration baselines and guidelines in compliance with FISMA, NIST SP 800-53, and related regulations.
• STIG and CIS Customization: Customize security configuration baseline audit files based on STIGs and CIS benchmarks for integration with Tenable.sc using NASL.
• Tenable.sc Integration: Manage the integration of customized benchmarks into Tenable.sc, ensuring accurate vulnerability assessments. Collaborate with Infrastructure Services and Vulnerability Management teams to optimize settings and monitoring parameters.
• ServiceNow Integration: Integrate SCM workflows with ServiceNow for efficient tracking of incidents, changes, and remediations. 
• Change and Risk Management: Document security configuration changes and manage risks, ensuring timely vulnerability remediation in line with federal guidelines.
• Compliance Monitoring: Conduct audits and assessments to ensure compliance with federal regulations and internal NSF policies.
• Documentation and Reporting: Prepare detailed project plans, status reports, and documentation for leadership and stakeholders. 
• Training and Awareness: Stay informed on evolving cybersecurity practices and participate in professional development. Train internal teams on SCM practices and the importance of secure configurations.
• Continuous Improvement: Evaluate and refine SCM processes to enhance security posture and operational efficiency.
• Performs other job-related duties as assigned

Security Configuration Management Lead Experience, Education, Skills, Abilities requested: 

• Bachelor’s degree in Information Technology, Cybersecurity, or related fields; Master’s degree preferred.
• Minimum 5 years in cybersecurity, configuration management, or systems administration, including at least 3 years managing projects in a federal environment. Hands-on experience with Tenable.sc, Nessus, and NASL is required.
• Security required; preferred certifications include CISSP, PMP, or CCMP.
• Leadership experience with the ability to manage multiple tasks simultaneously.
• Expertise with Tenable.sc, Nessus, and NASL, including STIG and CIS benchmark customization.
• In-depth knowledge of federal cybersecurity frameworks, including FISMA, NIST 800-53, and NIST 800-171.
• Strong understanding of system hardening and secure configurations across various platforms (e.g., Windows, Linux, network devices) and databases (e.g., MS SQL, PostgreSQL).
• Experience with patch management and vulnerability remediation in collaboration with the Vulnerability Management Team.
• Familiarity with deploying and maintaining secure configurations in cloud and on-premises environments.
• Preferred Skills:
  • Familiarity with security configuration management tools.
  • Proficient in Splunk for security monitoring and analytics.
  • Experience with integrating ServiceNow for incident management, change control, and remediation workflows.
  • Proficiency with ServiceNow, Microsoft 365, Teams, Zoom, Acrobat Pro, and Notepad .
  • Familiarity with cloud environments (e.g., AWS, Azure) and federal compliance requirements.
• Must pass pre-employment qualifications of Cherokee Federal

Company Information:

Cherokee Nation System Solutions (CNSS) is a part of Cherokee Federal – the division of tribally owned federal contracting companies owned by Cherokee Nation Businesses. As a trusted partner for more than 60 federal clients, Cherokee Federal LLCs are focused on building a brighter future, solving complex challenges, and serving the government’s mission with compassion and heart. To learn more about CNSS, visit cherokee-federal.com.

#CherokeeFederal #LI #LI-REMOTE

Cherokee Federal is a military friendly employer. Veterans and active military transitioning to civilian status are encouraged to apply.

Keywords

1. Security Configuration Management (SCM)
2. STIG and CIS Benchmarks
3. Tenable.sc and Nessus
4. Vulnerability Remediation
5. NASL (Nessus Attack Scripting Language)

Similar Job Titles

1. Configuration Management Specialist
2. Cybersecurity Configuration Lead
3. Information Security Lead
4. Vulnerability Management Lead
5. IT Security Compliance Manager

Legal Disclaimer: Cherokee Federal is an equal opportunity employer. Please visit cherokee-federal.com/careers for information regarding our Affirmative Action and Equal Opportunity Employer Statement, and Accommodation request.

Many of our job openings require access to government buildings or military installations. Candidates must pass pre-employment qualifications of Cherokee Federal.