What Your Day-To-Day Looks Like (Position Responsibilities):
- Support the identification of information protection needs and security requirements for information systems and network environments
- Contribute to the design and implementation of security architectures and security controls across system components
- Assist with security engineering activities throughout the system lifecycle, including requirements, design, implementation, testing, and operations
- Support the implementation of security measures that ensure confidentiality, integrity, availability, authentication, and non-repudiation
- Participate in Risk Management Framework (RMF) activities, including security control implementation, assessment support, and continuous monitoring
- Develop and maintain security documentation such as System Security Plans (SSPs), security control artifacts, POA&Ms, and ATO packages
- Assist in assessing the security impact of system changes, enhancements, and architectural modifications
- Support vulnerability management efforts, including reviewing scan results and coordinating remediation actions
- Collaborate with system engineers, network engineers, developers, and security stakeholders to support authorization activities
What You Need to Succeed (Minimum Requirements):
- Top Secret (TS) Clearance with SCI eligibility.
- 3 - 5 years of demonstrated experience supporting cybersecurity or information assurance activities within enterprise or mission systems
- Working knowledge of the NIST Risk Management Framework (RMF), FISMA and ATO processes
- Familiarity with common security assessment, vulnerability scanning, and monitoring tools (e.g., Nessus, NMAP, Guardium, WebInspect, or similar)
- Understanding of system and network security principles, including access control, boundary protection, and secure system design
- Experience supporting cloud security in environments such as AWS GovCloud, C2S, SC2S, and Microsoft Azure.
- Analyze logs using Splunk and AWS tools.
- Ability to document security controls and communicate technical information clearance
- Hands-on experience with vulnerability assessment and configuration tools such as Nessus, ACSA, and Splunk.
Ideally, You Also Have (Preferred Qualifications):
- Certifications: CISSP, CISM, CASP+ CECAP, Security+, AWS Certified Security – Specialty, or other relevant certifications.
- Experience in a high-side or multi-enclave (U/S/TS) environment.
- Experience working with Agile development teams and CI/CD pipelines.
- Familiarity with NIST 800-53 Rev. 5
Top Skills
What We Do
Spry is a certified Small Business headquartered in McLean, VA. Spry provides Enterprise, C4IT, Management, and Cyber Solutions to the federal government and commercial entities. Founded in 2001, Spry Methods was built on the foundation of combining industry knowledge with unmatched responsiveness to produce results for our customers. Our goal is to build a business dedicated to the maximization of value for all stakeholders starting with our employees, our customers, and our community. We recognize that talented and dedicated employees are our most valued assets and the foundation of our success. Guided by these principles, we have established an impressive track record of proven past performance serving our customers within the Commercial, Federal Civilian, DoD, and Intelligence Communities. A CMMI Level 3 certified and ISO 9001:2008 registered company, Spry is committed to quality and continuous improvement.
