Auto-apply to these security jobs

Position Description: The Information Security Specialist III supports the National Oceanic and Atmospheric Administration (NOAA) Internal Risk Management Program (IRMP), providing advanced technical, analytical, and programmatic expertise in the prevention, detection, and mitigation of insider threats. This key personnel position executes and advances NOAA’s IRMP objectives in compliance with federal security regulations, most notably Executive Order 13587, National Insider Threat Policy, NIST, FISMA, NSPM-33, and agency-specific guidance. The Information Security Specialist III collaborates with OCIO leadership, the Internal Risk Office, NOAA research teams, and interagency insider threat task forces to strengthen the security posture of NOAA’s classified and unclassified environments.Location:  Hybrid (Silver Spring, MD)

Clearance:  Active TS/SCI

Responsibilities and/or Success Factors: Information Security Program Development and Implementation

• Lead the development and implementation of comprehensive information security policies, procedures, and protocols for insider threat detection and mitigation 
• Design and establish security frameworks that integrate physical security, personnel security, cybersecurity, and information assurance functions 
• Develop research security protocols in compliance with NSPM-33 to protect sensitive NOAA research activities from internal and external threats 
• Create and maintain security guidelines for handling classified national security information (CNSI) and controlled unclassified information (CUI) Risk Assessment and Analysis 
• Conduct comprehensive risk assessments of NOAA's information systems, networks, and data repositories 
•  Analyze security vulnerabilities and develop mitigation strategies for identified risks
• Evaluate and assess compliance with federal security standards including FISMA, NIST frameworks, and DoD cybersecurity requirements 
• Perform security impact assessments for new systems, applications, and processes Security Data Integration and Monitoring 
• Consolidate and analyze security data from multiple internal and external sources to identify potential insider threats 
• Design and implement data integration systems that provide real-time monitoring and actionable insights to leadership 
• Develop and maintain insider threat detection systems and behavioral monitoring capabilities 
• Ensure ethical data collection and analysis practices that comply with privacy regulations and civil liberties requirements Incident Response and Investigation
• Coordinate incident response activities for suspected insider threat cases and security breaches 
• Conduct thorough investigations of security incidents involving classified systems and sensitive information 
• Document incident response actions and develop lessons learned for continuous program improvement 
• Collaborate with law enforcement agencies and external partners on complex security investigations Compliance and Audit Management 
• Ensure compliance with federal security regulations including Executive Order 13587, NSPM-33, FISMA, and NIST standards 
• Conduct regular security compliance audits and assessments 
• Prepare detailed compliance reports and corrective action plans for identified gaps
• Maintain documentation for security authorization and accreditation processes Training and Awareness Program Support 
• Develop technical training materials and awareness programs focused on insider threat identification and mitigation 
• Provide expert consultation on security best practices and threat scenarios
• Support the delivery of security training sessions for NOAA personnel, contractors, and uniformed services 
• Create technical resources and job aids for security awareness initiatives Stakeholder Collaboration and Communication 
• Serve as technical liaison with internal NOAA teams including the Cybersecurity Division and Human Resources 
• Communicate complex technical security concepts to non-technical stakeholders 
• Provide expert technical guidance to program leadership and government officials Policy Development and Documentation
• Develop and maintain comprehensive security policies and standard operating procedures (SOPs)
• Create technical documentation for security systems, processes, and procedures 
• Review and update security policies to ensure alignment with evolving threats and regulatory requirements 
• Contribute to the development of security guidelines and best practice documentation

Minimum Qualifications Including Certificates:

• Must be a U.S. Citizen 
• Active Top Secret security clearance with SCI eligibility (required before contract start) 
• Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or related STEM field from an accredited college or university 
• Five (5) years of experience in information security, cybersecurity, or related field 
• Five (5) years of experience in insider threat detection, behavioral analysis, or risk management 
• Experience with federal compliance frameworks including FISMA, NIST Cybersecurity Framework, and Risk Management Framework (RMF) 
• Knowledge of classified information handling procedures and National Industrial Security Program Operating Manual (NISPOM) requirements 
• Experience with security incident response and investigation methodologies 
• Demonstrated experience with security data analysis and threat intelligence platforms 
• Strong analytical and problem-solving skills with attention to detail 
• Excellent written and verbal communication skills

Desired Qualifications: 

• Experience with NOAA or other federal agency cybersecurity programs 
• Professional security certifications (CISSP, CISM, GIAC, or equivalent) 
• Experience with behavioral analytics and insider threat detection tools 
• Knowledge of NSPM-33 research security requirements 
• Familiarity with NIST Special Publications (SP 800 series) and federal cybersecurity guidance 
• Experience with Security Information and Event Management (SIEM) systems 
• Knowledge of machine learning and artificial intelligence applications in cybersecurity 
• Experience with cloud security frameworks and technologies 
• Understanding of privacy protection principles and compliance requirements