Qureos

Senior Cybersecurity Specialist

About the Role

We are seeking a Senior Cybersecurity Specialist to lead and execute cybersecurity risk assessments, IT security assessments, and vulnerability assessment & penetration testing (VAPT) engagements for public sector clients. The successful candidate will serve as a hands-on technical lead and trusted advisor, translating NIST-aligned assessment findings into actionable remediation roadmaps for executive and technical stakeholders.

Key Responsibilities

  • Lead end-to-end cybersecurity risk assessments aligned to the NIST Cybersecurity Framework (CSF 2.0), including CSF Implementation Tier evaluations (Partial, Risk-Informed, Repeatable, Adaptive).
  • Map and evaluate controls against NIST SP 800-53, NIST SP 800-171, CIS Critical Security Controls, and Zero Trust Architecture principles.
  • Plan and execute Vulnerability Assessments and Penetration Tests (VAPT) across network, application, wireless, cloud, SCADA/ICS, VoIP, CCTV, badging, and HVAC-connected systems.
  • Simulate real-world threats including Advanced Persistent Threats (APT), phishing, ransomware, malware, and social engineering.
  • Conduct documentation reviews, stakeholder interviews, workbooks, and evidence triangulation to validate control effectiveness.
  • Perform gap analysis and produce prioritized remediation roadmaps.
  • Author Executive Reports (posture, key findings, strategic recommendations) and Technical Reports (detailed findings, CVSS-scored vulnerabilities, remediation steps) for client leadership.
  • Deliver virtual and in-person briefings to C-suite, IT leadership, and audit committees.
  • Ensure assessments comply with PCI-DSS, HIPAA (where applicable), and public-sector procurement requirements.

Required Qualifications

  • Minimum 5+ years of hands-on experience conducting enterprise cybersecurity risk assessments of similar size and scope.
  • Demonstrable expertise with NIST CSF, NIST 800-53, and NIST 800-171.
  • Proven experience executing VAPT engagements using industry-standard tooling.
  • Strong grasp of attack lifecycle methodologies.
  • Experience producing client-ready executive and technical deliverables.
  • Excellent written and verbal communication skills; able to present findings to both technical and non-technical audiences.
  • Ability to pass client background checks and sign Non-Disclosure Agreements.

Preferred Qualifications

  • Prior experience supporting state, local, municipal, or judicial/court IT environments.
  • Certifications (one or more strongly preferred): CISSP, CISA, CISM, CRISC, CEH, OSCP, GPEN, GWAPT, PMP.
  • Experience with SCADA/ICS, OT security, or converged IT/OT environments.

Education

  • Bachelor's degree in Computer Science, Cybersecurity, Information Systems, or related field (Master's preferred).

Pay: $60.00 - $70.00 per hour

Work Location: In person
