Overview
Chenega Services & Federal Solutions (CSFS), is seeking to hire an experienced
IT Security Specialist II
to support the Office of Informatics (OI) within the National Center for Injury Prevention and Control (NCIPC) at the Centers for Disease Control and Prevention (CDC). The NCIPC Office of Informatics supports a growing portfolio of systems and IT services while providing Center-wide leadership in project management best practices, IT governance, system interoperability, reduction of redundancies, adoption of emerging technologies, accountability of IT resources, data security, and compliance with Department of Health and Human Services (HHS) and CDC IT policies, procedures, standards, and regulations. The
IT Security Specialist II
will provide technical expertise in information security compliance and support NCIPC systems in meeting federal cybersecurity requirements, including Security Assessment & Authorization (SA&A), vulnerability management, and compliance documentation.
Work Location:
In-office/hybrid: Work will primarily be performed in a remote environment, with on-site support provided on an as-needed basis, at the CDC Chamblee Campus
Responsibilities
Support the full lifecycle of Security Assessment and Authorization (SA&A) activities, including the preparation, review, and maintenance of security artifacts such as System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports.
Advise the Systems Security Privacy Officer (SSPO), system owners, and project teams on policies, processes, and best practices to ensure compliance with information security requirements.
Maintain and update security documentation within enterprise tools (e.g., Archer), ensuring artifacts remain current, accurate, and compliant with federal standards.
Monitor, track, and manage system vulnerabilities, coordinating with technical teams and stakeholders to ensure timely remediation and risk mitigation.
Support Authorization to Operate (ATO) processes, including reauthorization efforts, control assessments, and documentation development.
Manage required compliance activities, including Business Continuity Plans (BCP), annual assessments, and Privacy Impact Assessments (PIA).
Collaborate with SSPO and leadership to address recommended and required actions from oversight bodies such as CSPO.
Utilize vulnerability scanning tools (e.g., SCAP or similar) to identify, analyze, and prioritize security weaknesses across systems.
Conduct and support third-party assessments, security reviews, and privacy evaluations to ensure ongoing compliance.
Develop and enhance security policies, procedures, and standard operating procedures (SOPs) to strengthen the organization’s security posture.
Provide support for incident response activities, including reporting, documentation, and coordination during security events.
Advise stakeholders on secure system design, data protection, authentication methods, and encryption practices.
Deliver customer-focused guidance and training to promote awareness and adherence to information security requirements.
Perform other related duties as assigned.
Qualifications
Minimum Qualifications:
(To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.)
Completed Bachelor’s degree in Cybersecurity, Computer science, IT, or related field.
Minimum of five (5) to seven (7) years of IT security experience or directly comparable professional experience.
Demonstrated knowledge of CIPP/G and SSPO requirements, along with experience supporting Section 508 compliance initiatives, is required.
Required Public Trust clearance.
Preferred Qualifications:
CISSP, Security+, or equivalent certification.
Experience with CDC/HHS systems and tools like Archer.
Knowledge, Skills and Abilities:
Strong knowledge of federal cybersecurity standards (NIST, FISMA).
Experience in vulnerability management and compliance auditing.
Professional working knowledge within SharePoint
Professional interpersonal and computer skills, to include but not limited to, skills in operating Microsoft Office software, with emphasis on Word, Excel, Power Point, and Outlook.
Skills in managing and prioritizing multiple assignments with strict deadlines and ability to coordinate efforts among many offices.
Excellent interpersonal and communication skills (both oral and written).
Expertise to prepare and present information/data via oral briefing(s) and/or by written reports