Cherokee Nation · 2 weeks ago
Senior Cybersecurity Specialist
Cherokee Nation is a trusted partner for federal clients, and they are seeking a Senior Cybersecurity Specialist to lead security monitoring for federal information systems. The role involves collaborating with system owners and engineers to maintain security posture and ensure compliance with NIST RMF and agency policies.
Communities · Government · Service Industry
Responsibilities
Execute RMF for assigned systems: categorize, select, implement, assess, authorize, and monitor controls (NIST SP 800-37/160/53/53A/82)
Drive continuous monitoring: control assessments, vulnerability scanning, patch verification, configuration audits, log reviews, and evidence collection
Validate technical control implementation across OS, network devices, and cloud services; review hardening baselines and configuration drift
Use existing tools and workflows to coordinate change control, incident management, and problem management aligned to security requirements
Conduct risk assessments and security impact analyses; recommend mitigations aligned to mission risk tolerance
Coordinate incident handling with SOC/IR teams: triage, containment, documentation, reporting, and lessons learned
Provide technical reviews and oversight for enforcement of secure baselines (CIS, STIGs)
Collaborate with security engineering to remediate vulnerabilities, optimize patch cycles, and maintain secure configurations for servers, endpoints, firewalls, routers, and switches
Support secure implementation and configuration of Operational Technology/Internet of Things (OT/IoT) capabilities
Provide technical review of IT systems design as part of agency IT projects
Ensure compliance with FISMA, OMB guidance, agency directives, and overlays (e.g., FedRAMP for cloud)
Support POA&M and Acceptance of Risk (AOR) lifecycle: triage findings, define remediation, track progress, validate closure, and produce dashboards/reports
Review security documentation: SSP, SAP/SAR, Contingency Plan, Incident Response Plan, and related artifacts
Support ATO sustainment and reauthorization; review assessment packages and respond to AO/ISO inquiries
Prepare concise security status reports, dashboards, and briefings to leadership and contract stakeholders
Effective collaboration with distributed teams and government stakeholders via secure tools is essential
Qualifications
Required
Bachelor's degree in IT, cybersecurity, or related field; or equivalent experience
5+ years of hands-on systems and network engineering/administration experience, including:
Administering Windows and Linux servers, AD/Group Policy, endpoint management (e.g., MECM/SCCM, Red Hat OpenShift)
Network fundamentals and device administration (firewalls, routers, switches), VLANs, ACLs, VPNs, and routing
Secure configuration baselines (CIS benchmarks, DISA STIGs) and hardening practices
3+ years as an ISSO equivalent or in a federal security compliance role
Strong command of NIST RMF, SP 800-53/53A controls, and FISMA reporting
Experience with vulnerability management tools (e.g., Tenable/Nessus, Qualys) and patch management workflows
Experience with SIEM/log management (e.g., Splunk, Elastic); log parsing and correlation
Reviewing and overseeing the Security Assessment Report (SAR) to maintain the system ATO
Hands-on experience with:
POA&M and AOR tracking and remediation workflows
Dashboarding and metric reporting for vulnerability and compliance status
Proven ability to author and maintain SSPs and assessment evidence
Strong communication skills; able to brief technical and non-technical stakeholders across a distributed, remote team
U.S. citizenship
Ability to obtain and maintain a Public Trust suitability determination; prior Public Trust preferred
Preferred
Certifications: CISSP, Security+, CCSP, or CISM; systems/network certs such as Network+, CCNA, MCSA, RHCSA are a plus. ITIL is a plus
Experience with vulnerability scanners
Experience with FedRAMP Moderate/High and cloud security (AWS, Azure, GCP), including IAM, logging, and native security services
Automation/scripting for compliance evidence or configuration management (e.g., PowerShell, Bash, Python, Ansible)
Familiarity with agency GRC tools (e.g., CSAM)
Experience supporting audits (IG, GAO) and metric-driven continuous monitoring
Benefits
Medical
Dental
Vision
401K
And other possible benefits as provided.
Company
Cherokee Nation
Cherokee Nation is a tribal community in the United States.
Funding
Current Stage: Late Stage
Total Funding: $27.37M
Key Investors: U.S. Department of Health & Human Services, U.S. Department of Transportation, U.S. Environmental Protection Agency
2025-06-11 · Grant · $1.27M
2025-01-13 · Grant · $10.7M
2023-10-23 · Grant · $0.07M