Security Specialist Sr - C

The most security-conscious organizations trust Telos Corporation to protect their vital IT assets. The reputation of our company rests on the quality of our solutions and the integrity of our people. Explore what you can bring to our solutions in the areas of cyber, cloud and enterprise security. This position will be based at Virginia Beach, VA.

The Information System Security Specialist II provides cybersecurity compliance and accreditation support for Navy information systems under the Naval Surface Warfare Center Dahlgren Division (NSWCDD). The role ensures information systems meet all DoD cybersecurity and Risk Management Framework (RMF) requirements throughout the system lifecycle — from design and implementation through sustainment and re-accreditation. The position supports both afloat and shore-based systems, working closely with engineers, system administrators, and program managers to identify vulnerabilities, develop mitigation strategies, and maintain Authorization to Operate (ATO) compliance.

• Develop, maintain, and update RMF documentation including Security Plans (SP), POA&Ms, Risk Assessments, and Continuous Monitoring Strategies.
• Support preparation, submission, and tracking of Assessment and Authorization (A&A) packages using tools such as eMASS.
• Review and apply DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs) to ensure systems meet DoD compliance standards.
• Participate in A&A and cybersecurity readiness reviews, providing technical recommendations to system owners.
• Ensure all assigned systems maintain an active Authorization to Operate (ATO) and adhere to DoD, NAVSEA, and SECNAV cybersecurity policies.

• Conduct risk assessments and vulnerability analyses using automated scanning and compliance tools (e.g., ACAS, STIG Viewer, SCAP, Security Content Automation Protocol).
• Identify, document, and assist in remediation of system vulnerabilities and security incidents.
• Contribute to cybersecurity architecture planning, ensuring implementation of secure configurations, least privilege, and zero‑trust principles.
• Review and maintain Interconnection Security Agreements (ISAs) and other boundary documentation to ensure continuous authorization alignment.
• Support implementation of Defense‑in‑Depth and supply chain risk management strategies.

• Provide ongoing cybersecurity monitoring and auditing support for operational systems.
• Track and report system vulnerabilities in accordance with Navy’s Vulnerability Remediation Asset Management (VRAM) system.
• Coordinate with system owners and administrators to ensure timely implementation of IAVAs, security patches, and configuration updates.
• Assist in incident response procedures and forensic investigations, documenting findings and mitigation actions.

• Education:
  
  Bachelor’s degree in Cybersecurity, Information Systems, Information Technology, Computer Science, or related discipline.
• Experience:
  
  Minimum 5 years of professional experience in information system security, accreditation, or RMF compliance roles (3 years acceptable with advanced degree).

• Must meet DoD 8570.01‑M IAM Level II certification requirements (e.g., CAP, CISM, CISSP [Associate], GSLC, or CASP+ CE).
• Must comply with DFARS 252.239‑7001 Information Assurance Contractor Training and Certification.

Active SECRET security clearance; ability to obtain and maintain TS/SCI as required.

• Hands‑on experience with Navy or DoD RMF processes and A&A toolsets (eMASS, XACTA, VRAM, ACAS).
• Working knowledge of NIST SP 800‑37, 800‑53, 800‑171, and CNSSI 1253 security control frameworks.
• Experience developing and maintaining security documentation and policy artifacts.
• Familiarity with network, system, and software engineering concepts relevant to DoD environments.
• Ability to brief technical content to government leadership and participate in CCB/IAWG meetings.

• Strong attention to detail and documentation discipline.
• Ability to work independently and…