(551) Cybersecurity Specialist / DevSecOps & Compliance

Position Description:

The Cybersecurity Specialist / DevSecOps & Compliance plays a mission-critical role in ensuring secure development, deployment, and operation of systems across the enterprise and client environments. This role combines hands-on security validation practices with compliance governance and DevSecOps integration. The ideal candidate is proactive, detail-oriented, and experienced in modern security tools, penetration testing, vulnerability management, and security compliance frameworks. You will work closely with developers, engineers, and program teams to embed security at every stage of the software development lifecycle protecting infrastructure, data, and applications from emerging threats while ensuring adherence to industry and government standards.

Location:  Remote

Clearance:  TS/SCI Preferred

Responsibilities and/or Success Factors: 

• Secure Development & DevSecOps Validation
• Collaborate with development and DevOps teams to ensure security is embedded across CI/CD pipelines and infrastructure-as-code (IaC).
• Validate and assess the security of cloud and hybrid systems during design, build, and deployment phases.
• Recommend and implement security tooling and automation to enhance DevSecOps pipelines (e.g., SAST, DAST, container scanning).
• Penetration Testing & Vulnerability Management
• Conduct internal and external penetration testing to identify system vulnerabilities, misconfigurations, and exploitable flaws. 
• Perform regular vulnerability scanning using tools like Nessus, OpenVAS, or Qualys and provide actionable remediation guidance.
• Analyze findings, prioritize risk, and collaborate with technical teams to implement mitigation strategies. Compliance & Risk Mapping
• Map technical controls and practices to frameworks such as NIST 800-53, NIST CSF, FedRAMP, CMMC, or ISO 27001.
• Support security assessments, audits, and ATO (Authorization to Operate) documentation efforts. 
• Maintain up-to-date documentation of security controls, policies, and risk remediation activities. Security Awareness & Continuous Improvement
• Contribute to security awareness efforts and training across development and operational teams.
• Monitor threat intelligence feeds and adapts controls based on emerging trends and zero-day vulnerabilities.
• Participate in incident response planning, tabletop exercises, and postmortem analysis when applicable. Innovative & Adaptive Mindset
• Demonstrate the ability to contribute effectively within an Agile team proactively seeking solutions within their area of expertise, collaborating with others to generate innovative ideas, and fostering a culture of continuous learning and cohesive teamwork. 
• The drive to learn AI tools and automation frameworks to optimize workflows, reduce manual effort, and enhance productivity across program management, documentation, and solution development activities.
• Proactively seeks out emerging technologies, methodologies, and process improvements to enhance organizational capabilities.
• Continuously scans the landscape for opportunities to innovate whether through automation, AI integration, user experience enhancements, or novel problem-solving approaches and transforms those insights into actionable strategies that drive mission success.

Minimum Qualifications Including Certificates: 

• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field (or equivalent work experience).
• 3–7 years of experience in cybersecurity roles, with focus areas in penetration testing, DevSecOps, or compliance frameworks.
• Proficiency with vulnerability scanning tools (e.g., Nessus, Qualys), pen testing frameworks (e.g., Metasploit, Burp Suite), and scripting for automation (e.g., Python, Bash).
• Familiarity with cloud security best practices (AWS, Azure, or GCP).
• Strong understanding of secure coding practices and SDLC/CI-CD pipeline integration.

Desired Qualifications: 

• TS/SCI Clearance
• Security+, CEH, OSCP, CISSP, or GSEC Certified DevSecOps Professional, AWS Certified Security 
• Specialty, or Cloud+ Experience with FedRAMP, NIST RMF, or CMMC compliance processes (Strongly Preferred)
• Leveraging AI tools and automation frameworks to optimize workflows, reduce manual effort, and enhance productivity across program management, documentation, and solution development activities.