What You'll Do

• Conduct research and maintain expertise on MLSecOps concepts, methodologies, models, government policies, industry best practices, and relevant open-source and commercial implementations.
• Identify areas where Machine Learning (ML) capabilities can be applied to Security Test & Evaluation, internal penetration testing, proactive vulnerability assessment and discovery, risk assessment and the development of security controls, and validation of applied security controls.
• Develop and implement validation mechanisms to assess the viability and effectiveness of the generated remediation tasks in mitigating the identified issues.
• Implement and follow the Risk Management Framework (RMF) process, conducting comprehensive security control assessments for internal systems, including cloud-based environments.
• Develop and analyze Security Assessment Reports (SARs) by NIST SP 800-53, NIST SP 800-37, and FIPS standards.
• Conduct vulnerability analysis, manage Plan of Action and Milestones (POA&M), and provide security impact reviews for change requests, ensuring compliance with relevant federal regulations.
• Collaborate with government stakeholders, system owners, and security professionals to evaluate security readiness across various cybersecurity functions.
• Perform continuous monitoring activities, including annual assessments and reporting for Information Security Vulnerability Management (ISVM) and related programs.
• Support on-site and remote assessments for information systems, verifying adherence to cloud security standards and infrastructure hardening requirements.
• Develop and employ tailored test plans and procedures, utilizing various tools and custom scripts in alignment with NIST guidelines.
• Conduct manual testing, vulnerability scans, and penetration testing in compliance with FISMA requirements and other applicable standards.
• Implement Offensive Security Operations (OffSecOps) practices, including automated deployment and testing of various targets, while maintaining compliance with federal security regulations.
• Perform Assessment & Authorization (A&A) activities, Identity Governance (IG) audits, vulnerability management reporting, and compliance validations in collaboration with relevant stakeholders. 

Education + Requirements

• Bachelor’s degree with 7 years’ relevant IT/Cybersecurity experience; or 11 years’ relevant experience.
• Expertise in security compliance and risk management frameworks (e.g., NIST 800-53A, FISMA), including conducting assessments and developing risk analysis and mitigation strategies. 
• Proficient in vulnerability scanning, configuration, and patch management, with experience addressing complex system vulnerabilities. 
• Skilled in creating and maintaining security authorization documentation, ATO packages, and compliance records, with the ability to effectively present technical findings and mitigation plans to diverse audiences. 
• Experienced in coordinating across teams (e.g., Privacy, Information Governance), supporting audits, and delivering risk briefings. 
• Adept at communicating security requirements within development cycles and aligning with stakeholder expectations. 

Preferred Experience and Knowledge

• Familiarity and working experience with machine learning security operations (MLSecOps) or security development operations DevSecOps methodology.

Security Clearance

• Active Secret clearance is required
• DHS Suitability (EOD)

Desired Certifications (one or more)

• Security+
• CompTIA Advanced Security Practitioner (CASP)
• Certified Information Systems Auditor (CISA)
• Certified in Governance, Risk, and Compliance (CGRC)
• Certified Authorization Professional (CAP)
• GIAC Security Essentials Certification (GSEC)
• Cybersecurity Analyst+ (CySA+)