The Information Security Specialist, Senior will support the client by delivering expertise in information security operations, risk mitigation, vulnerability management, and compliance with federal security policies. The individual oversees security administration for applications and systems, coordinates vulnerability assessments, and ensures operational safeguards that maintain the confidentiality, integrity, and availability of systems.

Key focus areas include:

• Safeguarding CJIS Division information systems by implementing and maintaining robust security controls.
• Assessing and remediating vulnerabilities to meet compliance with federal guidelines, including NIST and FISMA standards.
• Supporting lifecycle security model processes to ensure secure system architecture and administration.

• Operate and maintain the Vulnerability Assessment Lab (VAL) to ensure security monitoring and vulnerability remediation.
• Develop and implement risk mitigation strategies for legacy systems and modern technologies, including cloud-based solutions.
• Support the CJIS Division Information Security Officer (ISO) program, ensuring compliance with security policies.
• Monitor and review system logs, audit logs, and security alerts using tools like Splunk to identify potential issues.
• Perform vulnerability assessments, document findings, and recommend remediation strategies.
• Conduct security evaluations to verify and validate that information systems meet operational security controls throughout the lifecycle.
• Collaborate with system owners and technical stakeholders to recommend security enhancements and mitigate system risks.
• Support the development of compliance documentation, including Plans of Action & Milestones (POA&Ms), Security Risk Assessments, and System Security & Privacy Plans (SSPPs).
• Assist in the installation, configuration, and maintenance of security systems, ensuring tools and applications remain secure and effective.
• Provide input on incident response processes and support system audits, analysis, and reporting activities.
• Conduct change management reviews and ensure that new system features and architectural updates adhere to security standards.
• Enforce compliance with mandatory training requirements for privileged users to avoid unauthorized access issues.
• Use various security tools (e.g., Splunk, Tenable Security Center, Microsoft Defender, and BigFix) to conduct continuous monitoring and ensure system compliance with federal mandates.
• Prepare and deliver comprehensive security reports and presentations for leadership, documenting risk assessments, system statuses, and recommendations.
• Assist in network mapping and documentation efforts, ensuring transparency in system designs, flows, and access points regarding systems.

Minimum Education Requirements:

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field.

• • Master’s in Cybersecurity or related field, preferred

Minimum Experience Requirements:

• Minimum of 6+ years of hands-on experience in information security, including assessments, monitoring, and risk mitigation.

 Certification Requirements:

• Tower CompTIA Security+ or equivalent, preferred
• Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH), preferred
• A cloud-focused certification, such as AWS Certified Security Specialty or Microsoft Azure Security, preferred
• Engineer Associate, strongly preferred.

Technical Skills:

• Proficient in utilizing security tools like Splunk, Tenable Security Center, JIRA, Confluence, and Microsoft Defender.
• Adept at conducting vulnerability assessments, preparing compliance documentation, and presenting findings to stakeholders.
• Strong knowledge of federal security standards (e.g., NIST Risk Management Framework and FISMA compliance).
• Exceptional communication and problem-solving abilities in technical environments.
• Experience working in Scaled Agile Framework (SAFe) environments or similar, preferred
• Ability to develop secure web applications and interfaces adhering to industry-recognized best practices (e.g., OWASP Top 10), preferred
• Expertise in security engineering for cloud-based systems and emerging technologies (e.g., automation, virtualization), preferred

 Human Relationship Skills:

• Highly motivated and is at ease with handling or managing multiple tasks at any one time
• Self-starter with the ability to learn new tasks and skills.
• Strong organization and communications skills.
• Team Player

Additional Abilities:

• Must be able to pass a background check and additional background checks as required by projects and/or clients at any time during employment.
• Active Top Secret clearance

Other Duties: Please note this job description is not designed to cover or contain a comprehensive list of activities, duties or responsibilities that are required of the employee for this job.  Duties, responsibilities, and activities may change at any time with or without notice.

Affirmative Action/EEO Statement: Cayuse is an Equal Opportunity Employer.  All employment decisions are based on merit, qualifications, skills, and abilities. All qualified applicants will receive consideration for employment in accordance with any applicable federal, state, or local law.