What are the responsibilities and job description for the Cybersecurity Administrator position at AAC Inc?
Serves as a member of the IT security team responsible for protecting the confidentiality, integrity, and availability of agency information systems. This position focuses on implementing cybersecurity policies, administering security controls, monitoring system security posture, and ensuring compliance with federal mandates such as FISMA, OMB A-130, and the NIST Risk Management Framework (RMF). Responsibilities may include, but are not limited to:
- Administer and maintain cybersecurity tools and infrastructure, including firewalls, security information and event management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), endpoint protection platforms (EPP/EDR), and data loss prevention (DLP) solutions.
- Support compliance activities and documentation under FISMA, NIST SP 800-53, 800-37, and 800-171 guidelines.
- Assist in the implementation and continuous monitoring of ATO packages.
- Participate in security assessments, audits, and vulnerability scanning activities; provide mitigation strategies and follow-up remediation.
- Administer access control mechanisms including PIV cards, multi-factor authentication (MFA), and least privilege principles in line with Zero Trust Architecture.
- Provide support for POA&M tracking and resolution.
- Coordinate with internal stakeholders, system owners, and external agencies on security-related matters and incident reporting.
Required Experience
- Bachelor’s degree in computer science, information technology, cybersecurity, or a related field.
- 3 years of relevant experience. Additional experience can be substituted for a degree.
- Strong understanding of federal cybersecurity regulations and frameworks (FISMA, NIST RMF, FedRAMP, TIC 3.0).
- Familiarity with enterprise operating systems (Windows, Linux) and cloud security principles (AWS, Azure Government).
- Proficiency in vulnerability management, security controls implementation, and log analysis.
- Effective written and verbal communication skills, particularly in drafting POA&Ms, incident reports, and system security plans (SSPs).
- Experience supporting the implementation and monitoring of ATOs.
- Solid understanding of security principles, protocols, and technologies.
- Knowledge of firewalls, VPNs, IDS/IPS, and endpoint protection.
- Knowledge and experience JAMF, MECM, Confluence, and ServiceNow are highly desired.
- Must be engaging and proactive with critical thinking and problem-solving ability, both independently and as part of a team.
- Relevant certifications such as Security , CISSP, CISA, CISM, CASP, CEH, CCNA, CCNP are highly desired.
- Must be able to attain agency suitability clearance prior to start date.