Cyber Support Specialist - Remote Eligible

Cyber Support Specialist

Cyber Support Specialist a key role in supporting cybersecurity activities required to validate and sustain compliance with the Risk Management Framework (RMF) for project infrastructure and services. This position assists with Assessment and Authorization (A&A) efforts, researches and translates risk information, and partners with client stakeholders to provide input and best-practice recommendations that inform security-related decision making. The role also supports the definition and implementation of security requirements, contributes to the design and testing of security components, and performs vulnerability and code scanning analysis to identify and report security impacts.

Key Responsibilities

• Support Assessment and Authorization activities required to validate and maintain RMF compliance for project infrastructure, systems, and services.
• Assist in defining cybersecurity and application security requirements for project initiatives.
• Support the design, structuring, and testing of security components and control implementations.
• Identify, analyze, and report security impacts using COTS vulnerability scanning tools and static and dynamic code scanning tools.
• Assist with vulnerability management activities, including findings review, documentation, reporting, and remediation tracking.
• Prepare management-level communications, status reporting, and cybersecurity metrics.
• Support security assessments of applications and infrastructure against RMF controls and development security requirements.
• Document compliance evidence, assessment results, and remediation activities to support ongoing authorization and continuous monitoring.
• Collaborate with technical teams, security stakeholders, and program leadership to address security gaps and strengthen compliance posture.
• Maintain focus and effectiveness in a high-intensity environment, including support for rotating 12-hour shifts with 4 days on and 3 days off, as required.

Required Qualifications

• Bachelor's degree in cybersecurity, information technology, computer science, or a related field.
• 3 to 5 years of relevant cybersecurity experience.
• Experience supporting RMF and Assessment and Authorization processes.
• Knowledge of RMF controls and their applicability to application security.
• Experience supporting security requirements definition, control implementation, and testing activities.
• Experience identifying, analyzing, and reporting vulnerabilities and security impacts.
• Familiarity with COTS vulnerability scanning tools and static and dynamic code scanning tools.
• Ability to communicate technical issues, risks, and metrics effectively to management audiences.
• Working knowledge of vulnerability management and reporting processes.
• Understanding of application security and development security requirements.
• Familiarity with OWASP Top 10 and common web application security risks.
• Ability to work effectively in a fast-paced operational environment and adapt to changing priorities.
• Ability to work a rotating 12-hour shift schedule with 4 days on and 3 days off, when required.

Preferred Qualifications

• CompTIA Security+ certification.
• DoD 8140-compliant certification at the intermediate or advanced level.
• Experience in cloud cyber defense.
• Experience supporting application security in infrastructure and service environments.
• Strong analytical, documentation, and reporting skills.
• Ability to prepare concise executive-ready status updates and performance metrics.
• Demonstrated adaptability and effectiveness during high-intensity operational periods.

Job Specific Skills

• Risk Management Framework (RMF) controls and application security - Advanced
• Cyber Security Management - Advanced
• Cloud Cyber Defense - Intermediate
• Code scanning tools - Intermediate
• Vulnerability Management and Reporting - Intermediate
• OWASP Top 10 - Intermediate
• Application Security and Development Security Requirements - Intermediate
• Adaptability and operational resilience in rotating shift environments – Intermediate