What are the responsibilities and job description for the IT Security Specialist – 2025-04 position at PROJECTXYZ, Inc.?
Redstone Arsenal AL
At PROJECTXYZ, we understand that the most important piece of our business is our people. Our employees represent PROJECTXYZ at customer sites and play a critically important role in solving problems and delivering results.
Purpose Of Position
The Security IT Audit Specialist will serve the United States Security Assistance Command and the Defense Security Cooperative Agency (DSCA) as an Information Technology Internal Audit Sustainment Specialist responsible for the Audit Readiness, Sustainment and Security of custom coded and COTS applications and databases. This position will be responsible for activities associated with delivery of Cybersecurity technical control implementation, configuration and architectural solutions associated with customer-defined systems/software projects. The selectee will help the organization bridge the gap between Federal Information System Controls (FISC), National Institute of Standards and Technology (NIST) Controls and DoD Risk Management Framework (RMF) Controls.
Duties and Responsibilities (Essential):
- Responsible for supporting development of a spectrum of engineering artifacts that adequately but succinctly capture system security requirements, application and network security design, and network security architecture.
- Works in close collaboration with software developers/engineers, quality assurance engineers, stakeholders, and end users within Agile Engineering processes. Demonstrates a working knowledge of enterprise class information assurance requirements, FISCAM, and network security and survivability.
- Responsible for contributing to the design, development and implementation of secure application and infrastructure capabilities for a variety of legacy and modernized systems and applications.
- Works with USASAC security administrators to ensure Separation of Duties, Access Controls, and that audit support functionality is incorporated into the system.
- Enhances the Implementation of Cybersecurity vulnerability / hardening testing.
- Develops Corrective Action Plans (CAPs) in response to Notifications For Record (NFRs) received from the audit team. Architects and engineers security: develops security goals, capabilities, controls and architecture.
- Maintains security posture: audits security settings, tracks security training, monitors threats, tracks reaccreditation and assists with synchronizing efforts for compliance with FISCAM and RMF.
- Continuously evaluates and recommends innovative proven best business practices and tools to enhance defense-in-depth.
- Monitors and inspects for approved software usage and implementation of approved security enabled software and tools.
- Works to achieve team objectives, operational plans with measurable contribution towards the achievement of results of the job function or completion of a project.
- Minimum Security+ CE or equivalent; CISSP, CISM or CISA preferred.
- Must be a U.S. Citizen with the ability to pass background investigation.
- BA or BS degree in computer science, electronics engineering or other engineering or technical discipline.
- Five years of experience in a professional work environment or 13 years of experience in a professional work environment in lieu of education.
- Experience managing complex system records in the Enterprise Mission Assurance Support Service (eMASS) tool.
- Experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, and POAMs.
- Experience with Information Security Continuous Monitoring (ISCM), RMF and automation.
- Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool, Risk Management Framework (RMF), and security compliance processes.
- Experience with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) criteria.
- Experience with auditing and authorizing Line of Business (LoB) software applications, to include identifying, diagnosing and mitigating problems and factors affecting application performance and making technical recommendations for changes or upgrades.
- Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders.
- Strong analytical and problem-solving skills with ability to collaborate with clients and identify engagement follow-on opportunities.
- Technical Project Management experience is preferred.
- Experience working on unusually complicated problems and providing solutions that are highly creative and ingenious, exhibiting ingenuity, creativity and resourcefulness.
- Work environment is predominately office.
- Must be able to sit for extended periods of time.
- Must be able to operate a computer for extended periods of time.
- Must be able to operate a phone, both making and receiving calls and taking or conveying information.
- Must communicate effectively, both verbally and in writing.
- Occasionally lifts/moves up to 25 pounds.
PROJECTXYZ is an equal opportunity employer encouraging individuals with disabilities and veterans to apply.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
PROJECTXYZ is committed to providing a work environment that is free from unlawful discrimination and harassment in any form. PROJECTXYZ will make reasonable accommodations for qualified individuals with disabilities unless doing so would result in an undue hardship. If you are interested in applying for employment and feel you need a reasonable accommodation pursuant to the ADA, you are encouraged to contact us at 256.721.9001 x 155.
Salary: $41 - $60