Cybersecurity Specialist - Mid​/Senior - SBG REMOTE

Job Details:
Experienced,

Location:

SBG Corporate Office - Alexandria, VA 22314, Position Type:
Full Time, Education Level: 4 Year Degree, Salary Range: $ - $, Travel Percentage:
Up to 25%, Job Shift: Day, Job Category:
Cybersecurity. SBG Technology Solutions, Inc. (SBG), a DSS, Inc. company, offers IT Governance, Systems Engineering, Enterprise Modernization, Artificial Intelligence, and Cyber Security innovation to federal and commercial clients nationwide.

The Cybersecurity Specialist ensures all applications meet FedRAMP High security and compliance requirements throughout the assessment and onboarding process for DSS Health Cloud, a FedRAMP High authorized healthcare-focused platform hosted in an AWS Government enclave environment. This role supports Independent Software Vendors (ISVs) and government applications by identifying security gaps, supporting authorization documentation, and validating alignment with applicable federal cybersecurity frameworks.

• Assesses application security posture, including logging, auditing, and control implementation, against FedRAMP High baseline requirements.
• Supports Authority to Operate (ATO) documentation efforts and compliance readiness activities for applications undergoing onboarding assessment.
• Identifies cybersecurity gaps across assessed applications and recommends prioritized remediation actions with supporting rationale.
• Evaluates application and environment alignment with Zero Trust architecture principles and continuous monitoring requirements.
• Supports development of System Security Plans (SSPs), Plan of Action and Milestones (POA&M) inputs, and related security authorization artifacts.
• Applies Risk Management Framework (RMF) processes to security assessment activities and documents findings in accordance with NIST guidelines.
• Reviews identity, access control, and encryption implementations to verify compliance with applicable standards and FedRAMP controls.
• Conducts vulnerability management reviews and evaluates continuous monitoring capabilities for onboarding candidates.
• Collaborates with cloud architects, program managers, and ISV technical teams to communicate security findings and guide remediation planning.

• Performs other duties as assigned by management in support of SBG Technology Solutions contract objectives.
• Travel requirements: occasional travel as required by project needs (estimated up to 10% per year).

• Must be a U.S. Citizen.
• Must be able to pass a Federal background check.
• Must be determined suitable for federal employment.

Individuals working for SBG Technology Solutions, Inc., a DSS, Inc., will be subject to security and privacy requirements as explained in HIPAA, FedRAMP, and NIST 800-53. Additionally, they are required to undergo specific FedRAMP training to ensure compliance with all associated controls and responsibilities in the day-to-day performance of their duties. Individuals working in departments that are considered to be in the high-risk category will be required to undergo advanced training based on their role and level of access.

Individuals with access to modify data and the configuration baseline will require further training.

• In-depth knowledge of FedRAMP High security controls and the NIST Risk Management Framework (RMF) process.
• Proficiency in security architecture review and cloud security engineering within AWS or comparable government cloud environments.
• Experience conducting vulnerability management assessments and evaluating continuous monitoring programs.
• Working knowledge of identity and access management (IAM), encryption standards, and access control frameworks.
• Ability to develop and review authorization documentation including SSPs, POA&M, and security assessment reports.
• Strong analytical and written communication skills; able to document and present security findings clearly to both technical and non-technical audiences.
• Capable of managing concurrent assessment work streams and delivering findings within defined project timelines.

• Familiarity with HIPAA Security Rule requirements and healthcare application security considerations.
• Experience with AWS security tooling (e.g., AWS Security Hub, Guard Duty, Cloud Trail, Config).
• Knowledge of Dev Sec Ops  practices and secure software development lifecycle (SSDLC) methodologies.

Required:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related technical discipline.
A combination of education and experience will be considered (2 years of relevant experience equivalent to 1 year in a degree program).

Desired:
Master's degree in Cybersecurity, Information Assurance, or a related field.

Desired:
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
CompTIA Security+ or equivalent federal baseline certification
AWS Certified Security –…