Information Security Specialist

Travel Requirement: Up to 10%

Security Clearance: Must be able to obtain & maintain Secret clearance

Citizenship: US Citizenship required

The Information Security Specialist is responsible for maintaining the security posture of the organization’s internal information systems and ensuring compliance with applicable cybersecurity frameworks. This role works closely with Security, IT, leadership, and compliance stakeholders to support vulnerability management, audit readiness, incident response, and secure system operations.

The position requires hands‑on experience with enterprise security tools and processes, including vulnerability management, change management, audit log review, endpoint security, and data protection.

• Manage system vulnerabilities, including scanning, prioritization, and remediation.
• Support patching and configuration enforcement through endpoint management solutions
• Provide continuous monitoring of information systems, ensuring audit logs are collected, reviewed, and anomalous activity is identified and mitigated.
• Analyze and correlate logs from endpoints, servers, identity systems, and cloud services.
• Configure and tune alerting and automated response capabilities for security events.
• Perform incident response and reporting for cybersecurity events including malware, phishing, unauthorized access, and data exfiltration.
• Maintain Plans of Action & Milestones (POA&M) and track remediation to closure
• Ensure all system security documentation (e.g., SSPs, baselines, policies, procedures) is current and audit-ready.
• Assist in development and maintenance of security policies, standards, and technical controls.
• Review and assess security impact of system changes as part of change control processes
• Recommend and implement security configurations across Microsoft 365, endpoint, and identity platforms.
• Conduct user activity monitoring and support investigations related to potential insider threat or policy violations.
• Run security awareness initiatives, including phishing simulations and training activities.
• Prepare reports on the status of vulnerabilities, incidents, and overall security posture.

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field
• 3–5 years of experience in information security or cybersecurity operations
• Experience with Microsoft security technologies, including Microsoft Defender, Microsoft Intune, and Microsoft Purview.
• In depth understanding of software and system vulnerability management.
• Experience with log aggregation, SIEM tools, or advanced threat detection
• Experience with managing the security of Windows and Linux systems in an Enterprise environment.
• Experience implementing and maintaining STIGS or CIS Benchmarks

• Industry certifications such as Security+, CISSP, or equivalent
• Experience supporting CMMC/NIST 800-171 or NIST 800-53/RMF
• Familiarity with endpoint management and configuration baselines across enterprise systems
• Experience working in a regulated environment handling Controlled Unclassified Information (CUI)
• Experience managing MacOS systems in an Enterprise environment
• Experience maintaining security controls and working on a change control board.
• Experience leveraging AI tools in an enterprise setting.
• Experience as a COMSEC custodian

Successful completion of a background screening/check/investigation will/may be required as a condition of hire.

Sherpa 6 will make reasonable accommodations in compliance with the Americans with Disabilities Act 1990

Sherpa 6 does not discriminate based on race, color, national origin, sex, religion age, disability, sexual orientation, gender identity, veteran status, height, weight, or marital status in employment or the provision of services and is an equal access/opportunity/affirmative action employer.

We offer a competitive benefits package, covering the cost of medical for you and your family; we also offer dental, vision, health and wellness benefits and a generous retirement savings plan. We believe that our employees can manage their workload and their personal life, therefore we extend a generous PTO policy. This allows our employees to balance their lives as they see fit.

The proposed salary range is reflective across all Sherpa 6 locations, years of experience and skill levels. Salary negotiations will be based on a host of factors including but not limited to your geographic location, prior experience, relevant skills, education, and certifications.