Cybersecurity Specialist - Mid-Level (Hybrid-Remote) to DC area only - E

About the position The Cybersecurity Specialist/Mid-Level position at Kingfisher Systems, Inc. is a hybrid-remote role focused on providing comprehensive cybersecurity services to U.S. Government clients. The specialist will be responsible for defining, designing, and developing system requirements while performing tradeoff analyses that consider performance, life-cycle cost, risk, and productivity. This role requires a thorough assessment of architecture and current hardware limitations, as well as the design of system specifications to ensure compatibility between hardware and software. The specialist will coordinate the design of subsystems and the integration of the total system, defining system support requirements and analyzing program support deficiencies. In this role, the Cybersecurity Specialist will conduct independent technical investigations in systems design and evaluate vendor capabilities to provide necessary products or services. The position involves conducting comprehensive security assessments to understand the security status and risks associated with operations and mission execution. The specialist will review the customer's System Authorization process and provide recommendations for updates, ensuring the accuracy of system inventories and categorization. Additionally, the specialist will validate system support services, including vulnerability scanning and security monitoring technology, and will be responsible for developing Security Assessment Plans (SAP) and Security Assessment Reports (SAR) compliant with NIST standards. The Cybersecurity Specialist will also be tasked with developing qualitative risk assessment reports and a Recommendation Report, detailing findings and actions for remediation. The role requires effective communication skills to present findings and recommendations clearly, both in written reports and during briefings at customer sites. The specialist must ensure that all documentation is relevant, clear, and free of errors, contributing to the overall mission of safeguarding sensitive information and operations for federal customers. Responsibilities • Define, design, and develop system requirements for cybersecurity projects. , • Perform tradeoff analyses of performance, life-cycle cost, risk, and productivity. , • Assess architecture and current hardware limitations, defining system specifications for compatibility. , • Coordinate design of subsystems and integration of total systems. , • Conduct independent technical investigations in systems design and evaluate vendor capabilities. , • Conduct comprehensive security assessments to understand security status and risks. , • Review the customer's System Authorization process and provide recommendations for updates. , • Ensure accuracy of system inventory, categorization, and plans of action and milestones (POA&Ms). , • Validate system support services including vulnerability scanning and security monitoring technology. , • Develop Security Assessment Plans (SAP) and Security Assessment Reports (SAR) compliant with NIST standards. , • Develop qualitative risk assessment reports compliant with NIST SP 800-30. , • Create a Recommendation Report detailing findings and actions for remediation. , • Provide Executive Summary Briefings at customer sites or virtually, summarizing activities and findings. Requirements • Bachelor's Degree or equivalent in a related field. , • Minimum of four (4) years of progressive experience in information technology and cybersecurity projects. , • Highly skilled in cybersecurity with a strong understanding of applications, databases, networking, and architecture. , • Experience developing and delivering System Security Plans in CSAM. , • Experience in application and system continuity and risk strategies. , • Experience with network firewalls, data loss prevention, and intrusion detection/prevention systems. , • Proficient in Operating Systems and services (Windows Server, Linux/Unix, Active Directory). , • Ability to conduct dynamic web application security testing and interpret results for remediation. , • Experience in vulnerability assessment and scanning for applications and databases. , • Strong document formatting skills in Microsoft Office and Adobe PDF. Nice-to-haves • Knowledge of applicable laws, statutes, and executive branch guidelines related to cybersecurity. , • Familiarity with the Federal Information Security Management Act (FISMA) and related federal requirements. , • Understanding of the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). , • Knowledge of Department of Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) directives. , • Experience with the General Services Administration Federal Risk and Authorization Management Program (FedRAMP). Benefits