Apply on Employer Site

Cherokee Federal · 1 day ago

Senior Cybersecurity Specialist

United States

Full-time

Remote

Senior Level

$150K/yr - $170K/yr

5+ years exp

Cherokee Federal is a trusted partner for federal clients, focused on solving complex challenges. They are seeking a Senior Cyber Security Specialist to lead continuous security monitoring for federal information systems, ensuring compliance with NIST RMF and agency policies.

GovernmentNon ProfitProfessional ServicesPublic Relations

No H1B

U.S. Citizen Only

Responsibilities

Execute RMF for assigned systems: categorize, select, implement, assess, authorize, and monitor controls (NIST SP 800-37/160/53/53A/82)

Drive continuous monitoring: control assessments, vulnerability scanning, patch verification, configuration audits, log reviews, and evidence collection

Validate technical control implementation across OS, network devices, and cloud services; review hardening baselines and configuration drift

Use existing tools and workflows to coordinate change control, incident management, and problem management aligned to security requirements

Conduct risk assessments and security impact analyses; recommend mitigations aligned to mission risk tolerance

Coordinate incident handling with SOC/IR teams: triage, containment, documentation, reporting, and lessons learned

Provide technical reviews and oversight for enforcement of secure baselines (CIS, STIGs)

Collaborate with security engineering to remediate vulnerabilities, optimize patch cycles, and maintain secure configurations for servers, endpoints, firewalls, routers, and switches

Support secure implementation and configuration of Operational Technology/Internet of Things (OT/IoT) capabilities

Provide technical review of IT systems design as part of agency IT projects

Ensure compliance with FISMA, OMB guidance, agency directives, and overlays (e.g., FedRAMP for cloud)

Support POA&M and Acceptance of Risk (AOR) lifecycle: triage findings, define remediation, track progress, validate closure, and produce dashboards/reports

Review security documentation: SSP, SAP/SAR, Contingency Plan, Incident Response Plan, and related artifacts

Support ATO sustainment and reauthorization; review assessment packages and respond to AO/ISO inquiries

Prepare concise security status reports, dashboards, and briefings to leadership and contract stakeholders

Effective collaboration with distributed teams and government stakeholders via secure tools is essential

Qualification

NIST RMFVulnerability managementSecurity complianceSystems administrationNetwork administrationCloud securitySecurity certificationsCommunication skillsCollaborationTechnical writing

Required

Bachelor's degree in IT, cybersecurity, or related field; or equivalent experience

5+ years of hands-on systems and network engineering/administration experience, including: Administering Windows and Linux servers, AD/Group Policy, endpoint management (e.g., MECM/SCCM, Red Hat OpenShift)

Network fundamentals and device administration (firewalls, routers, switches), VLANs, ACLs, VPNs, and routing

Secure configuration baselines (CIS benchmarks, DISA STIGs) and hardening practices

3+ years as an ISSO equivalent or in a federal security compliance role

Strong command of NIST RMF, SP 800-53/53A controls, and FISMA reporting

Experience with vulnerability management tools (e.g., Tenable/Nessus, Qualys) and patch management workflows

Experience with SIEM/log management (e.g., Splunk, Elastic); log parsing and correlation

Reviewing and overseeing the Security Assessment Report (SAR) to maintain the system ATO

Hands-on experience for: POA&M and AOR tracking and remediation workflows

Dashboarding and metric reporting for vulnerability and compliance status

Proven ability to author and maintain SSPs, and assessment evidence

Strong communication skills; able to brief technical and non-technical stakeholders across a distributed, remote team

U.S. citizenship

Ability to obtain and maintain a Public Trust suitability determination; prior Public Trust preferred

Preferred

Certifications: CISSP, Security+, CCSP, or CISM; systems/network certs such as Network+, CCNA, MCSA, RHCSA are a plus.ITIL is a plus

Experience with vulnerability scanners

Experience with FedRAMP Moderate/High and cloud security (AWS, Azure, GCP), including IAM, logging, and native security services

Automation/scripting for compliance evidence or configuration management (e.g., PowerShell, Bash, Python, Ansible)

Familiarity with agency GRC tools (e.g., CSAM)

Experience supporting audits (IG, GAO) and metric-driven continuous monitoring

Benefits

Medical

Dental

Vision

401K

Company

Cherokee Federal

Cherokee Federal, a division of Cherokee Nation Businesses, is a trusted team of government contracting professionals who can rapidly build innovative solutions.

Founded in 1969

Tulsa, Oklahoma, USA

5001-10000 employees