Location: Multiple DAF Bases (NCR and CONUS)
Job Category: Information Technology
Time Type: Full-time
Clearance Requirement: Current DoD Secret Clearance required
Security Suitability: Must be able to obtain and maintain a favorable background investigation
Employee Type: W2 and 1099 options available
Citizenship: US Citizen, no Dual Citizenship
NexThreat is seeking a Senior Cybersecurity Specialist with a focus on Information Systems Security Officer (ISSO) responsibilities to provide leadership and technical expertise for the Department of the Air Force (DAF) cybersecurity program at multiple DAF Bases. This role involves leading the implementation and maintenance of cybersecurity programs, mentoring junior staff, and acting as a subject matter expert in the Risk Management Framework (RMF) process. Experience with site surveys is highly preferred.
Key Responsibilities:
· Lead the development, implementation, and maintenance of cybersecurity plans, policies, and procedures in accordance with DoD, DAF, and RMF requirements.
· Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews, EMSEC).
· Oversee the assessment and authorization (A&A) process for information systems, including documentation preparation, security control assessment, and risk mitigation.
· Lead and conduct vulnerability scans and oversee the remediation of identified vulnerabilities.
· Monitor security controls and system logs to identify potential security incidents and policy violations.
· Lead and participate in incident response activities, including investigation, containment, eradication, and recovery.
· Provide expert cybersecurity guidance and support to system owners, administrators, and users.
· Maintain accurate and up-to-date records of system configurations, security documentation, and incident reports.
· Collaborate with other cybersecurity personnel and stakeholders to ensure a consistent and effective security posture.
· Lead cybersecurity meetings and interact with USG RMF personnel.
· Lead and conduct site surveys to assess physical and environmental security controls.
· Stay current with relevant cybersecurity regulations, policies, and best practices.
· Mentor and train junior cybersecurity staff.
· Serve as a technical point of contact and subject matter expert for ISSO-related matters.
· Maintain COMSEC related documentation.
· Develop corrective action plans, as needed.
Unique Skills/Tasks/Software:
· Required: Expert-level experience with the DoD Risk Management Framework (RMF) process.
· Preferred: Experience with tools such as ACAS, SCAP, eMASS, Xacta, Splunk, and Microsoft Sentinel.
· In-depth understanding of NIST SP 800-series publications, particularly those related to risk management and security controls.
Preferred Certifications:
· (ISC)² CISSP (Certified Information Systems Security Professional)
· ISACA CISM (Certified Information Security Manager)
· (ISC)² CAP (Certified Authorization Professional)
· GIAC Security Leadership Certification (GSLC)
Qualifications:
· Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field, or 8 years of relevant experience in lieu of a degree.
· 7 years of experience in cybersecurity, with a significant focus on ISSO responsibilities or similar roles.
· Extensive experience with security control implementation, assessment, and documentation.
· Proven leadership and mentoring skills.
· Strong understanding of cybersecurity principles, practices, and technologies.
· Experience with vulnerability management and incident response processes.
· Excellent verbal and written communication skills.
· Ability to work both independently and as part of a team.
· Ability to obtain and maintain a Common Access Card (CAC).