Information System Security Specialist II

We are seeking an experienced Information System Security Specialist II to support the security authorization, compliance, and continuous monitoring activities of mission-critical information systems. The successful candidate will create and maintain IA artifacts, support Authority to Operate (ATO) efforts using the Risk Management Framework (RMF), perform compliance scanning and patch management activities, and collaborate with system owners, ISSMs, and technical teams to ensure systems remain secure and compliant.

Key Responsibilities:

• Create, update, and maintain IA artifacts required to obtain and sustain favorable Authority to Operate (ATO) decisions.
• Apply the Risk Management Framework (RMF) to support system accreditation and continuous monitoring activities.
• Upload and maintain IA documentation and artifacts within eMASS.
• Track, apply, test, and report STIG compliance using STIG checklists and Security Content Automation Protocol (SCAP) tools.
• Document system management procedures, operating procedures, security concerns, and proposed solutions.
• Support security readiness reviews and preparation of security checklists.
• Provide software support for patching and compliance scanning activities.
• Maintain software baselines to ensure IA compliance and perform monthly regressive compliance scanning, including ACAS scans and SCAP reporting.
• Maintain records of applied patches and update associated documentation with software version information.
• Anticipate and mitigate potential security risks affecting the software baseline.
• Monitor and analyze systems and networks to assess risk and recommend policy improvements.
• Coordinate hardware, software, and firmware changes with the ISSM and verify appropriate installation of security patches.
• Document security concerns and remediation activities through whitepapers and Plans of Action & Milestones (POA&M).
• Assist with Annual Security Reviews (ASRs) and Verification & Validation (V&V) activities.
• Develop detailed test procedures and security configuration documentation in support of security test events.
• Evaluate security controls, assess their impact on systems, and develop mitigation strategies where necessary.

• 5 yrs experience supporting RMF-based ATO processes.
• Hands-on experience with eMASS, STIGs, SCAP, and ACAS.
• Knowledge of DoD cybersecurity policies, standards, and best practices.
• Experience with patch management, vulnerability scanning, and compliance reporting.
• Strong technical writing skills, including experience developing security documentation and POA&Ms.
• Ability to analyze security controls and recommend effective mitigation strategies.
• Strong communication and collaboration skills.
• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field (or equivalent experience).
• Must have or be able to obtain a CompTIA Security Plus certification prior to start date.
• Ability to obtain and maintain a security clearance.
• Must be a U.S. Citizen.

About TRISTAR

TRISTAR is an SBA certified Service-Disabled Veteran-Owned professional services company supporting the U.S. Department of War programs. Our core competencies include Electronic Warfare, Enterprise Management, Full Spectrum Cybersecurity, Information Technology, Digital Transformation, Software Engineering and Development, Maritime Modernization and Engineering, and Technical Solutions.

TRISTAR was founded in March 1995 and has built an employee-focused collaborative environment which enables our team of professionals to create and deliver customized solutions to meet our customers' mission critical challenges.

TRISTAR's core capabilities support customers with end-to-end solutions. For over 30 years, TRISTAR has demonstrated and perfected our ability to successfully manage any task, small or large no matter how difficult or complex.

TRISTAR is proud to serve the Department of War and other Federal Agencies.

TRISTAR provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.