Job Description
Insight Global is seeking a Cybersecurity Professional to support a federal customer. The ideal candidate will be responsible for implementing comprehensive security measures, conducting vulnerability assessments, compliance audits, and ensuring the continuous security and integrity of our modernization environment in alignment with IRS cybersecurity standards and federal requirements.
Key Responsibilities
1. Vulnerability Management and Scanning:
• Implement and manage automated vulnerability scanning, static and dynamic code analysis, configuration audits, and compliance reporting across all environments.
• Ensure monthly vulnerability scans and quarterly compliance assessments are performed and documented using IRS-approved tools (e.g., Splunk).
• Remediate identified vulnerabilities within prescribed timelines:
  ◦ Critical vulnerabilities (CVSS ≥ 9.0): within 15 days.
  ◦ High vulnerabilities (CVSS 7.0–8.9): within 30 days.
  ◦ Moderate vulnerabilities (CVSS 4.0–6.9): within 60 days.
2. Security Documentation and Compliance:
• Prepare and maintain System Security Plan (SSP), Security Assessment Report (SAR), Plan of Action and Milestones (POA&M), and Continuous Monitoring Plan (CONMON) in accordance with IRS RMF and ATO requirements.
• Submit automated compliance reports to the COR and IRS Cybersecurity team monthly, summarizing scan results, remediation activities, open POA&M items, and risk trends.
3. Security Assessments and Testing:
• Execute independent assessments, penetration testing, and control testing prior to each major release.
• Conduct control testing, including active vulnerability testing, code scanning, and configuration validation against IRS requirements.
• Develop and submit Security Assessment Plan (SAP) and Security Assessment Report (SAR), ensuring traceability to NIST SP 800-53 Rev 5.1.1 controls and IRS designations.
4. Continuous Monitoring and Reporting:
• Implement continuous monitoring (CA-7) by providing automated security and compliance data feeds to the IRS CDM platform.
• Maintain monthly dashboards summarizing control effectiveness, vulnerability status, and audit findings.
5. Compliance and Recertification:
• Ensure application and infrastructure components undergo annual security and Section 508 recertification to maintain compliance and system accreditation.
6. Collaboration and Coordination:
• Coordinate with the IRS Information System Security Officer (ISSO), Authorizing Official (AO), and Cybersecurity team to support the A&A process.
• Participate in Kick-off Cybersecurity Assessment meetings to confirm security categorization, authorization boundaries, and assessment schedules.
Performance Indicators:
1. 100% of deployed components scanned and reported within required cadence.
2. 95% of vulnerabilities remediated within prescribed timeframes.
3. Zero unauthorized findings during IRS or Treasury audits.
4. 100% compliance with Section 508 accessibility standards for user-facing components.
5. Successful completion of IRS RMF Assessment and Authorization process.
Desired Outcomes:
1. A secure and compliant modernization environment that aligns with federal cybersecurity standards and IRS enterprise security policies.
2. Continuous alignment with FISMA, FedRAMP, and NIST requirements for confidentiality, integrity, and availability.
3. Proactive risk identification, rapid remediation of vulnerabilities, and continuous compliance assurance.
4. A hardened and fully authorized system environment protecting taxpayer data and ensuring operational resilience.
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Required Skills & Experience
- Bachelor's degree
- Active IRS MBI Clearance
- A minimum of 9 years of experience with:
- Extensive experience with automated vulnerability scanning tools (e.g., Splunk, AppScan).
- Strong knowledge of NIST RMF, FISMA, FedRAMP, and related federal security standards.
- Proven track record in managing security assessments, compliance audits, and vulnerability remediation.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.