Information System Security Specialist

We are seeking a Cybersecurity Engineer to support the CAC2S system by ensuring software security, compliance, and continuous monitoring. This role focuses on vulnerability management, patching, and maintaining secure software baselines in accordance with DoD Information Assurance (IA) requirements.

Key Responsibilities

• Provide software support for CAC2S patching and vulnerability scanning activities.
• Perform monthly maintenance of software baselines to ensure IA compliance.
• Conduct regressive compliance scanning in support of the monthly patch cycle, including ACAS scans and SCAP reporting.
• Maintain detailed records of applied patches and update documentation with current software versions.
• Monitor system changes and ensure configuration control of the software baseline.
• Identify potential system vulnerabilities and proactively implement mitigation strategies.
• Detect, respond to, and remediate cyber threats, vulnerabilities, and system flaws.
• Monitor and analyze networks and systems to assess risk and recommend security improvements.
• Conduct quarterly compliance reviews to support ATO accreditation and certification requirements.
• Perform periodic system security scans using NESSUS/ACAS and validate STIG compliance.
• Coordinate all hardware, software, and firmware changes with ISSM/ISSO personnel.
• Ensure timely and accurate installation of security patches across systems.

• Experience supporting DoD cybersecurity programs and IA compliance requirements.
• Hands-on experience with vulnerability scanning tools such as NESSUS and ACAS.
• Familiarity with SCAP compliance tools and reporting.
• Strong understanding of STIGs, RMF, and ATO processes.
• Experience with system patching, configuration management, and baseline control.
• Ability to analyze security risks and implement effective mitigation strategies.
• Strong documentation and communication skills.
• Experience working with DoD systems and environments.
• Knowledge of network security, intrusion detection, and incident response practices.
• Must be a U.S. Citizen.
• Must be able to obtain and maintain a security clearance.

Education

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent experience).
• Must have CompTIA Security Plus prior to start date.

About TRISTAR

TRISTAR is an SBA certified Service-Disabled Veteran-Owned professional services company supporting the U.S. Department of Defense programs. Our core competencies include Electronic Warfare, Enterprise Management, Full Spectrum Cybersecurity, Information Technology, Digital Transformation, Software Engineering and Development, Maritime Modernization and Engineering, and Technical Solutions.

TRISTAR was founded in March 1995 and has built an employee-focused collaborative environment which enables our team of professionals to create and deliver customized solutions to meet our customers' mission critical challenges. TRISTAR's core capabilities support customers with end-to-end solutions.

For over 30 years, TRISTAR has demonstrated and perfected our ability to successfully manage any task, small or large no matter how difficult or complex.

TRISTAR is proud to serve the Department of Defense and other Federal Agencies.

TRISTAR provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.