Position Title: Baseline Security Specialist

The Baseline Security Specialist collaborates with stakeholders to develop Enterprise security control baselines in alignment with security strategy and agency policy. Successful candidate maintains an awareness of market and technology trends to bring best of breed solutions to the client. Applies industry-standard principles, theories, and concepts. Instrumental in the development and administration of development workflow processes. This position is open to remote delivery anywhere within the U.S., to include the District of Columbia.

Basic Qualifications:

• Experience interpreting and applying DISA STIGs, SRGs, CIS Benchmarks, and awareness of the National Vulnerability Database (NVD) and Common Vulnerability Enumeration (CVE)
• Experience with developing, customizing, and reviewing for updates a wide range of enterprise security configuration baselines, with input from subject matter experts.
• Ability to translate the low-level security baseline requirements into high-level FISMA and NIST requirements and client-specific security baselines.
• Ability to apply a general technical skill set to research and document industry knowledge and best practices with established or newly released applicable security controls
• Ability to work independently able to anticipate VA baseline needs and willingness to act with minimal supervision
• Ability to obtain and maintain a Public Trust or Suitability/Fitness determination based on client requirements
• Bachelor’s degree in IT, CS, engineering, or technical discipline is required and 10 years of experience or a total of 18 years of IT experience in lieu of education

Additional Qualifications:

• Experience in working with the NIST 800 Special Publication series guidance for risk management and security control implementation, including 800-53 and others.
• Experience with one or more of the following technologies: Networking, including CISCO, Juniper, or Palo Alto; operating systems, including Windows Server, RedHat, or Linux; cloud services, including AWS and Azure.
• Experience with technical writing, including 508 compliance requirements and document lifecycle management (intake, development, approval coordination, publication, archive, etc.).
• Experience with basic SharePoint administration (editing pages, granting permissions, etc.) and document management
• Experience with an Agile release methodology
• Knowledge of ServiceNow and LEAF
• Public Trust clearance

ThunderYard Solutions is proud to be an Equal Opportunity Employer. We don’t just accept difference – we celebrate it, we support it, and we thrive on it for the benefit of our employees, our community, and our customers. All applicants will be considered for employment without discrimination of race, color, religion, or belief, national, social, or ethnic origin, sex, age, physical, mental, or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union, or domestic partnership status, protected veteran status, family medical history or genetic information.