-
Must be able to obtain a Position of Public Trust / Moderate Background Investigation security Clearance - US Citizen and must not have traveled outside the US for a combined total of 6 months or more in last 5 years. Must have resided in the US for the last 5 years
The IT Security Specialist is responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority. The OIG's information resources are sensitive assets and are critical in the performance of its mission; therefore, information security services help safeguard the information resources entrusted to the OIG.
Position Description
View all jobs
- The selected individual will be able to work remotely throughout the U.S.
- Secret Security clearance is preferred.
- Candidates must be US Citizens.
Must be able to obtain a Position of Public Trust / Moderate Background Investigation security Clearance - US Citizen and must not have traveled outside the US for a combined total of 6 months or more in last 5 years. Must have resided in the US for the last 5 years
The IT Security Specialist is responsible for the application security function and for information technology security (Cybersecurity/InfoSec) engineering, and design and serves as a technical expert authority. The OIG's information resources are sensitive assets and are critical in the performance of its mission; therefore, information security services help safeguard the information resources entrusted to the OIG.
Position Description
- Solve significant problems complicated by interfaces and inter-relationships between and among programs, systems, functions, applications, and numerous critical issues for agency-wide information technology solutions, operations, and maintenance supporting the security of agency infrastructure, systems, and information
- Manages and administers a wide range of security systems and tools:
- Administers cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
- Responsible for primary or alternate management of all IT Security systems including patch management, upgrades, integration engineering, and reporting.
- Executes security related operational activities
- Manages security incident detection, response, remediation.
- Conducts cyber threat and vulnerability analysis and remediation.
- Develops security metrics and manages reporting and compliance.
- Serves as Incident Response Team member.
- Supports operational implementation of FISMA/NIST standards and industry best practices.
- Operates cloud-based security tools such as, Azure Security Center (Sentinel, Log Analytics, Azure WAF, Defender for Identity, Privileged Identity Manager); Microsoft 365 Security Suite (Defender, Advanced Threat Protection, Cloud Application Security, Protection Portal); Microsoft Security and Compliance Center; Microsoft Endpoint Manager (Intune); multi-factor authentication (MFA); web content filtering; and secure document sharing and collaboration solutions.
- Manages IT Security awareness training program in coordination with the Learning Management team, to including developing and delivering IT Security awareness training modules.
- Manages Password Management system in coordination with Service Desk.
- Responds to IT Security trouble tickets generated by customers and IT staff. Identifies solutions, works with customer and OCIO team to execute solutions, and manages ticket input, updates, and resolution in the OCIO ticketing system to maintain service level agreements.
- Supports Security Operations and Engineering by providing technical solution support and expertise
- Identifies security risks and recommends risk mitigation strategies.
- Reviews new and existing systems to ensure baseline security requirements are met and to recommend security enhancements.
- Develops security architecture and technical solutions for security products.
- Collaborates with staff from OCIO and other business components to develop security controls and solutions for complex business systems and applications.
- Develops and executes project plans to engineer, construct, deploy, and monitor/manage IT Security infrastructure solutions
- Demonstrates in-depth understanding of security requirements associated with cloud- hosted environments, services, and solutions.
- Evaluates, recommends, and implements security controls associated with cloud-hosted environments, services, and solutions.
- Evaluates, recommends, and implements security controls for mobile device solutions.
- Establishes, implements, and interprets the requirements for agency compliance with policy directives governing cybersecurity protection.
- Performs thorough security operations center analysis of potentially malicious or suspicious threats.
- Effectively administers and sustains enterprise level application security scanning tools for all COTS, GOTS, Web Applications, and internally developed cloud-based applications.
- Conducts risk and vulnerability assessments of planned and installed information systems applications to identify vulnerabilities, risks, and protection needs.
- Conducts systems security evaluations, audits, and reviews.
- Develops cybersecurity plans, processes, and procedures.
- Participates in network and system design to ensure implementation of appropriate cybersecurity policies as they relate to application security.
- Facilitates the gathering, analysis, and preservation of evident used in the prosecution of cybercrimes.
- Updates or establishes new application security requirements.
- Assesses security events to determine impact and implementing corrective actions.
- Ensures the rigorous application of information security/cybersecurity policies, principles, and practices in the delivery of all IT services.
- Identifies current and potential problem areas.
- Monitors agency compliance with application cybersecurity protection requirements across IT programs.
- Skill & Ability to provide expert technical advice, guidance, and recommendations to management and other technical specialists on critical information technology security issues.
- Skill & Ability to assess risk factors and advise on vulnerability to attack from a variety of sources and procedures for protection of systems and applications.
- Knowledge & Skill in implementing FISMA, NIST, OMB guidelines, and other Federal regulations and guidance. Experience interpreting and implementing FISMA/NIST requirements focused on the operational implementation and documentation of those requirements.
- Knowledge of security controls for cloud-hosted environments, applications, and services.
- Experience developing System Security Plans, Security Assessment Reports, Continuous Monitoring Plans, and Plans of Action & Milestones.
- Ability to plan, organize and manage tasks on time with minimal supervision
- Ability to handle multiple tasks and work independently as well as in a team.
- Must have hands-on experience with Static and Dynamic Application Security Testing using tools like Client Fortify, Client WebInspect, HCL Appscan, Snyk, Checkmarx, Synopsys, and Veracode
- Must have specialized experience in Continuous Integration (CI) and Continuous Deployment (CD) practices
- Must have specialized experience in manual code review with the ability to identify potential vulnerabilities and best coding practices
- Must have specialized experience in application vulnerability and security assessments using various tools like Burp Suite Pro, OWASP Zap Proxy, DirBuster, Kali Linux, Metasploit Pro, Accunetix, Insight AppSec, GitLab, Coverity, Fortify, and GitHub Enterprise
- Must have specialized experience in assessing application vulnerabilities and bugs in various applications
- Must have specialized experience creating security testing pipelines and test plans
- Must have specialized experience in implementing and deploying an organization-wide Application Security program (DAST and SAST) at the enterprise level to identify, report and remediate security vulnerabilities in development and production environments
- Must have knowledge of coding languages such as Java, .NET, Python, PHP, C++, C#
- Must have extensive experience in preparing test Plans, writing test Cases, test Execution and follow up remediation efforts
- Bachelor's Degree in Cybersecurity/Information Technology Security or related field of study from an accredited college or university with at least 5 years of specialized experience with hands-on skills in performing application security assessments and specialized experience in Secure SDLC and Source Code Analysis (Manual &Tools) on Web-based Applications
- Advanced degree in Cybersecurity or related field (desired)
- Currently Industry Certifications in one or more of the following (or equivalent):
- Certified Secure Software Lifecyle Professional (CSSLP)
- Certified Cloud Security Professional (CCSP)
- Offensive Security Certified Professional (OSCP)
- EC-Council Certified Application Security Engineer (CASE)
- GIAC Certified Web Application Defender (GWEB)
- Azure Developer Associate
- Microsoft certification(s): Microsoft 365 Certified Security Administrator Associate, Microsoft Certified Azure Security Engineer Associate
- Public Trust Investigation security clearance
Key Skills
Ranked by relevance
cloud
cybersecurity
continuous integration
continuous deployment
incident response
patch management
cloud security
metasploit
burp suite
kali linux
python
gitlab
linux
owasp
java
nist
php
c
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Site Reliability Engineer
2026-04-10
Full-time
Associate
Poland
Gambling Facilities
Information Technology
View Job Details
Related
Threat Analyst 2
2026-04-11
Full-time
Not Applicable
Romania
Software Development
Information Technology
View Job Details
Related
Cyber Security Analyst
2026-04-10
Full-time
Mid-Senior
United States
IT Services
Information Technology
Login to Apply
- Posted
- Jan 14, 2026
- Type
- Contract
- Level
- Mid-Senior
- Location
- Reston
- Company
- PlanIT Group, LLC
Industries
Defense
Space Manufacturing
Software Development
Armed Forces
Categories
Information Technology
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Site Reliability Engineer
2026-04-10
Full-time
Associate
Poland
Gambling Facilities
Information Technology
View Job Details
Related
Threat Analyst 2
2026-04-11
Full-time
Not Applicable
Romania
Software Development
Information Technology
View Job Details
Related
Cyber Security Analyst
2026-04-10
Full-time
Mid-Senior
United States
IT Services
Information Technology