IT Security Specialist III

Summary
In this role your primary goal is to improve program efficiency, effectiveness, and consistency by providing prompt, reliable, and high-quality annual assessments of all High and Moderate systems in support of the Risk Management Framework all while working in a telework environment. Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Supervisory Responsibilities: None

Essential Functions/Responsibilities
Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.

• Review all relevant security documentation for the system to be assessed
• Review system-developed core security documentation
• Document computer security and emergency measures policies, procedures, and tests
• Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures
• Perform a thorough, accurate, and effective evaluation of the systems security controls
• Develop high-quality security authorization package documentation
• Aid in developing and conducting entrance and exit briefings
• Develop and maintain sound IT security policies, procedures, templates, and checklists for assessments
• Conduct on-site assessments (≈3 to 6 times a year, typically lasting 1 week)

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Basic Qualifications

• Bachelor’s Degree in Computer Science or related field (i.e., EE, CPE, MIS, IT) or equivalent relevant work experience
• Eight (8) years of relevant experience
• Knowledge of IT security policies and implementation standards and comprehensive understanding of NIST guidance to include, but not limited to, NIST Special Publications and Federal Information Processing Standards
• Proficiency in applying IT security concepts, methodologies, principles, procedures and using industry-standard IT security tools
• Proficiency with enterprise architecture methodologies, concepts, procedures, principles, and tools
• Ability to facilitate effective communications between federal clients, system personnel, and the assessment team
• Familiarity with various scanning and monitoring tools
• Familiarity with security assessments in a cloud environment
• Proficiency in Microsoft Office suite (Word, Excel, PowerPoint, Visio and Project)
• Knowledgeable in penetration testing
• Strong verbal and written communication skills
• Must be organized, timely, and customer service-oriented
• Ability to work well independently and in a team setting
• Adaptability, flexibility, and ability to deal with ambiguity and change
• Experience with NIST SP 800-37 Risk Management Framework, NIST 800-53 REV 5, and FISMA A&A continuous monitoring
• Experienced with Security Repository Tools such as Cyber Security Assessment and Management (CSAM)

Preferred Qualifications

• Relevant professional certifications: CISSP, CEH, CISM, CCSP, CISA, CompTIA Security+
• Additional industry certifications (e.g., AWS Certified Security – Specialty, Microsoft Certified: Azure Security Engineer Associate)

Security Clearance Requirements

• Ability to obtain a government security clearance

Physical Demands

• Prolonged periods of sitting at a desk and working on a computer.
• Must be able to access and navigate each department at the organizations and client facilities.

Work Environment

• Work is normally performed in a telework environment

Proficiency Requirement:
The candidate is expected to demonstrate proficiency in all essential job functions, tools, and processes related to this position within the first 90 days of employment. This includes acquiring a thorough understanding of job-specific responsibilities, systems, and workflows as outlined during onboarding and training. Failure to meet this requirement may result in additional training, reassessment, or other actions as deemed necessary by management.

The base salary range for this position is $126,579 to $178,431.

This base salary range represents a general guideline. An individual’s base salary within that range is determined based on a variety of factors, including (without limitation) the scope, complexities, and responsibilities of the position, the government contract to which the position is assigned, geographic location, market conditions, and the candidate’s relevant experience, education, and skills.

GAMA-1 also offers a variety of benefits, including health insurance coverage, life and disability insurance, 401(k) savings plan, training and career development opportunities, paid holidays and paid time off (PTO - to cover vacation, illness or disability, appointments, emergencies or other situations that require time off from work).

ABOUT GAMA-1

GAMA-1 is a rapidly growing technology business that is based in Greenbelt, Maryland. GAMA-1 Technologies provides strategic information assurance, information security, and business enterprise and networking solutions to the Federal Government. Our success is based on the utilization of industry and agency standards, establishment of standardized processes, and IT Services expertise. At GAMA-1, we believe employees should grow, achieve, and develop just as the company grows, achieves, and develops. GAMA-1 is committed to providing our employees with opportunities for career advancement throughout their employment.

GAMA-1 is an Equal Opportunity Employer and all qualified applicants will receive consideration for employment without regard to: veteran status, uniformed servicemember status, race, color, religion, sex, sexual orientation, gender identity, age, pregnancy (including childbirth, lactation and related medical conditions), national origin or ancestry, citizenship or immigration status, physical or mental disability, genetic information (including testing and characteristics), domestic violence victims, political orientation, status as a smoker or tobacco user, hairstyle, use of a service animal, education status, familial status, HIV/AIDS status, height, weight, reproductive healthcare decisions or any other category protected by federal, state or local law.