Information System Security Specialist II at TRISTAR – Bloomington, Indiana

We are seeking a highly skilled Information System Security Specialist II to join our dynamic team. This role focuses on maintaining secure software baselines, supporting patch management and compliance scanning, and ensuring systems remain compliant with cybersecurity policies and accreditation requirements. The ideal candidate will have experience with vulnerability scanning, patch management, RMF processes, and cybersecurity compliance frameworks used within secure or government environments.

Position Responsibilities

• System patching and vulnerability scanning.
• Perform monthly maintenance of software baselines to maintain Information Assurance (IA) compliance.
• Maintain records of patches applied and update associated documentation with current software versions.
• Ensure all hardware, software, and firmware changes to the software baseline are coordinated with the Information System Security Manager (ISSM).
• Ensure security patches are applied, tested, and implemented appropriately.
• Conduct regressive compliance scanning to support the monthly patch cycle.
• Perform vulnerability scans using Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP).
• Verify Security Technical Implementation Guide (STIG) compliance for the Cybersecurity Service Baseline (CSB).
• Track, apply, test, and report STIG compliance using: STIG checklists, SCAP tools, MCCAST.
• Monitor and analyze computer systems and networks to identify risks and potential vulnerabilities.
• Anticipate potential system threats and implement innovative methods to protect the software baseline.
• Detect and respond quickly to cyber-attacks and remediate vulnerabilities or system flaws.
• Utilize the Risk Management Framework (RMF) to support future Authority to Operate (ATO) authorizations.
• Conduct quarterly reviews to ensure continued compliance with system accreditation and certification requirements.
• Document security issues and remediation strategies through Whitepapers and Plan of Action & Milestones (POA&M).
• Prepare and maintain cybersecurity documentation including Security checklists and Security configuration documentation.
• Test procedures for cybersecurity validation events.
• Support test events by developing detailed procedures and validating secure configurations.

• Experience with vulnerability scanning tools such as ACAS and SCAP.
• Knowledge of STIG compliance and security hardening processes.
• Familiarity with Risk Management Framework (RMF) and ATO processes.
• Experience with patch management and baseline configuration management.
• Ability to analyze network and system vulnerabilities and recommend mitigation strategies.
• Strong documentation and reporting skills.
• Knowledge of continuous monitoring and vulnerability management programs.
• Must be a U.S. Citizen.
• Ability to obtain and maintain an active security clearance.

Education

• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent experience).
• Must already have or be able to obtain a CompTIA Security Plus certification prior to start date.

About TRISTAR

TRISTAR is an SBA certified Service-Disabled Veteran-Owned professional services company supporting the U.S. Department of Defense programs. Our core competencies include Electronic Warfare, Enterprise Management, Full Spectrum Cybersecurity, Information Technology, Digital Transformation, Software Engineering and Development, Maritime Modernization and Engineering, and Technical Solutions.

TRISTAR was founded in March 1995 and has built an employee-focused collaborative environment which enables our team of professionals to create and deliver customized solutions to meet our customers’ mission critical challenges. TRISTAR’s core capabilities support customers with end-to-end solutions.

For over 30 years, TRISTAR has demonstrated and perfected our ability to successfully manage any task, small or large no matter how difficult or complex.

TRISTAR is proud to serve the Department of Defense and other Federal Agencies.

TRISTAR provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.