Job Family:
IT Cyber Security
Travel Required:
Up to 10%
Clearance Required:
Ability to Obtain Public Trust
What You Will Do:
The ideal candidate is a detail-oriented cybersecurity professional who can support secure operations, compliance, risk management, and continuous monitoring for a mission-critical federal grants platform. This role emphasizes federal security requirements, ATO support, POA&M management, incident response, security documentation, vulnerability coordination, and collaboration across technical, operational, and federal stakeholder teams.
As a Security Specialist, you will support cybersecurity, privacy, compliance, and risk management activities for Grants.gov application operations, application platform services, approved enhancements, transition activities, disaster recovery, and ongoing modernization coordination. You will work closely with federal security stakeholders, system owners, ISSOs, architects, developers, operations staff, cloud teams, database administrators, testers, IV&V partners, helpdesk partners, and program leadership to help ensure Grants.gov complies with applicable federal and agency IT security, privacy, and compliance regulations, policies, standards, and requirements. You will contribute to secure operations through security documentation, continuous monitoring, vulnerability tracking, POA&M coordination, incident response support, ATO activities, and security oversight for a public-facing federal shared service.
Support implementation, monitoring, and documentation of federal cybersecurity, privacy, and compliance requirements for Grants.gov applications, platform services, chatbot capabilities, integrations, and related support systems.
Contribute to Authority to Operate activities, including security documentation updates, control evidence collection, assessment preparation, remediation tracking, and coordination with federal security stakeholders.
Manage and support POA&M activities by tracking findings, coordinating remediation owners, documenting milestones, validating closure evidence, and communicating risk status to program and security leadership.
Coordinate vulnerability management activities, including scan review, issue triage, remediation planning, exception tracking, patch coordination, and verification of resolved findings across application and platform teams.
Support security monitoring, intrusion detection coordination, incident response, incident notification, incident reporting, root cause analysis, and recommendations to reduce recurrence.
Coordinate with development, operations, cloud, database, network, and application platform teams to ensure security considerations are incorporated into releases, configuration changes, deployments, maintenance activities, and enhancements.
Review system changes, technical designs, operational procedures, and documentation for security impacts, compliance alignment, and required updates to security artifacts.
Support disaster recovery, continuity of operations, backup recovery demonstrations, and contingency planning activities from a security and compliance perspective.
Maintain and update security-related artifacts, including system security documentation, control implementation details, risk registers, incident reports, remediation plans, operating procedures, and compliance evidence.
Support transition-in and transition-out activities by helping validate security documentation, accounts, certificates, licenses, support systems, inventories, controls, and operational security responsibilities.
Prepare and communicate security status, risks, issues, remediation progress, incident impacts, control gaps, and compliance recommendations in formats appropriate for executive, federal, technical, and non-technical audiences.
What You Will Need:
Bachelor's degree . Additional Four(4) years of exp needed in lieu of degree.
5+ years of experience supporting cybersecurity, information assurance, compliance, risk management, or security operations for enterprise systems, federal IT programs, or mission-critical applications.
Demonstrated experience supporting ATO activities, security documentation, control evidence collection, assessment preparation, continuous monitoring, POA&M management, or remediation tracking.
Working knowledge of federal cybersecurity requirements and frameworks, including FISMA, NIST 800-53, FedRAMP, privacy requirements, security assessment processes, and risk management practices.
Experience coordinating vulnerability management, patch remediation, security findings, exception requests, scan analysis, incident response, and compliance evidence across technical teams.
Ability to coordinate effectively with federal security stakeholders, ISSOs, system owners, developers, testers, operations teams, cloud teams, database administrators, helpdesk partners, IV&V teams, and other contractors.
Strong understanding of:
Security control implementation, evidence collection, assessment readiness, and continuous monitoring
POA&M tracking, vulnerability remediation, risk acceptance, exception management, and closure validation
Incident response, incident notification, root cause analysis, security monitoring, and corrective action planning
Secure SDLC, DevSecOps practices, release coordination, configuration management, and change impact analysis
Security documentation, risk reporting, compliance dashboards, and stakeholder communications
Experience using security, compliance, and collaboration tools such as vulnerability scanners, ticketing systems, GRC platforms, Jira, Azure DevOps, Confluence, SharePoint, Microsoft Teams, or similar platforms.
Excellent communication, analytical, documentation, coordination, and problem-solving skills with the ability to explain security risks and compliance needs to executive, federal, technical, and non-technical audiences.
Must be able to OBTAIN and MAINTAIN a Federal or DoD "PUBLIC TRUST"; candidates must obtain approved adjudication of their PUBLIC TRUST prior to onboarding with Guidehouse. Candidates with an ACTIVE PUBLIC TRUST or SUITABILITY are preferred.
What Would Be Nice To Have:
Experience supporting federal grants management systems, shared service platforms, or large public-facing government applications.
Experience with Grants.gov
Experience with HHS, ACF, CMS, HRSA, NIH, or other federal grant-making agencies.
Knowledge of HHS Enterprise Performance Life Cycle (EPLC), federal IT governance, ATO processes, security assessment activities, and compliance-driven delivery environments.
Experience with Grants.gov-like capabilities, including public-facing web applications, applicant submissions, grantor user management, S2S integrations, forms processing, chatbot support, helpdesk escalations, or system status communications.
Experience supporting cloud-hosted applications, AWS environments, application platform security, certificate management, account management, logging, monitoring, backup validation, or disaster recovery planning.
Experience supporting modernization, consolidation, transition-in, or multi-vendor integration initiatives involving multiple applications and stakeholder organizations.
Relevant certifications or credentials such as:
Security+, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or equivalent cybersecurity certification
Certified Authorization Professional (CAP), Certified in Governance, Risk and Compliance (CGRC), or equivalent federal compliance credential
AWS Security Specialty, AWS Solutions Architect, or equivalent cloud security certification
ITIL, SAFe, DevSecOps, or other relevant federal IT service delivery certification
The annual salary range for this position is $98,000.00-$163,000.00. Compensation decisions depend on a wide range of factors, including but not limited to skill sets, experience and training, security clearances, licensure and certifications, and other business and organizational needs.
What We Offer:
Guidehouse offers a comprehensive, total rewards package that includes competitive compensation and a flexible benefits package that reflects our commitment to creating a diverse and supportive workplace.
Benefits include:
Medical, Rx, Dental & Vision Insurance
Personal and Family Sick Time & Company Paid Holidays
Parental Leave
401(k) Retirement Plan
Group Term Life and Travel Assistance
Voluntary Life and AD&D Insurance
Health Savings Account, Health Care & Dependent Care Flexible Spending Accounts
Transit and Parking Commuter Benefits
Short-Term & Long-Term Disability
Tuition Reimbursement, Personal Development, Certifications & Learning Opportunities
Employee Referral Program
Corporate Sponsored Events & Community Outreach
Care.com annual membership
Employee Assistance Program
Supplemental Benefits via Corestream (Critical Care, Hospital Indemnity, Accident Insurance, Legal Assistance and ID theft protection, etc.)
Position may be eligible for a discretionary variable incentive bonus
About Guidehouse
Guidehouse is an Equal Opportunity Employer–Protected Veterans, Individuals with Disabilities or any other basis protected by law, ordinance, or regulation.
Guidehouse will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of applicable law or ordinance including the Fair Chance Ordinance of Los Angeles and San Francisco.
If you have visited our website for information about employment opportunities, or to apply for a position, and you require an accommodation, please contact Guidehouse Recruiting at 1-571-633-1711 or via email at [email protected]. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodation.
All communication regarding recruitment for a Guidehouse position will be sent from Guidehouse email domains including @guidehouse.com or [email protected]. Correspondence received by an applicant from any other domain should be considered unauthorized and will not be honored by Guidehouse. Note that Guidehouse will never charge a fee or require a money transfer at any stage of the recruitment process and does not collect fees from educational institutions for participation in a recruitment event. Never provide your banking information to a third party purporting to need that information to proceed in the hiring process.
If any person or organization demands money related to a job opportunity with Guidehouse, please report the matter to Guidehouse’s Ethics Hotline. If you want to check the validity of correspondence you have received, please contact [email protected]. Guidehouse is not responsible for losses incurred (monetary or otherwise) from an applicant’s dealings with unauthorized third parties.
Guidehouse does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of Guidehouse and Guidehouse will not be obligated to pay a placement fee.