Cyber Security Audit & Compliance Specialist

Role: Cyber Security Audit & Compliance Specialist

POP: 12+ Months Contract

Location: Remote

SCOPE:

The Cyber Security Audit & Compliance Specialist is responsible for executing and overseeing system security audits, maintaining RMF accreditation artifacts, ensuring security controls are implemented and validated, and managing compliance in accordance with DHS 4300A, FISMA, and NIST 800-53 guidelines.

REQUIRED SKILLS:

• Bachelor s or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Six (6) years of directly relevant experience may substitute for three (3) years of formal education.
• CompTIA Security+ required
• Minimum of six (6) years of experience in Information security with cyber security, security programs or compliance assurance.
• Minimum of six (6) years of experience with Security Information and Event Management (SIEM).
• Minimum of six (6) years of experience in the risk management framework.
• Basic knowledge of the following: Active Directory, UNIX, Windows, Relational Databases.
• Deep knowledge of RMF, NIST SP 800-53, FISMA, and DHS 4300A controls.
• Proven experience conducting system audits, preparing for external inspections, and remediating noncompliant findings.
• Expertise with SIEM platforms, vulnerability scanning tools, and GRC platforms.
• Familiarity with enterprise operating environments including Active Directory, Linux/UNIX, Windows, and relational databases.
• Strong written and verbal communication skills; ability to write technical security documentation and brief executive stakeholders.

PREFERRED SKILLS:

• Experience supporting secure development pipelines and system baselining in federal DevSecOps environments preferred.
• Experience working on or supporting federal government enterprise systems preferred.
• Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.

TASKS

• Lead the execution of cybersecurity assessments, control validations, and audit readiness activities in alignment with Risk Management Framework (RMF) guidelines.
• Oversee and maintain Authorization to Operate (ATO) documentation, ensuring timely updates, renewals, and alignment with evolving security postures.
• Evaluate system security requirements and support security architecture decisions across a wide range of systems, including web applications, databases, virtual infrastructure, and cloud environments.
• Develop and enforce cybersecurity policies, procedures, SOPs, and plans, ensuring full lifecycle traceability from initial deployment through sustainment.
• Manage and monitor Security Information and Event Management (SIEM) systems to identify anomalies, track incidents, and ensure threat visibility.
• Develop, monitor, and track Plans of Action & Milestones (POA&Ms) and support remediation strategies for identified vulnerabilities.
• Collaborate with development, operations, and configuration management teams to integrate security controls into Agile DevSecOps pipelines and CI/CD deployments.
• Serve as a liaison with external auditors, internal stakeholders, and federal oversight bodies to ensure compliance with DHS, FISMA, NIST, and OMB requirements.
• Evaluate and test system security features including encryption protocols, access control models, vulnerability management workflows, and security hardening baselines.
• Review and analyze audit logs, configuration change reports, and incident response records to detect potential violations and ensure corrective actions are implemented.
• Support security education and training activities across the ALC-ISD teams, reinforcing security awareness and secure software practices.
• All other duties as assigned by management.