Security Professional (Cyber)

Systems Planning and Analysis, Inc. (SPA) delivers high-impact, technical solutions to complex national security issues. With over 50 years of business expertise and consistent growth, we are known for continuous innovation for our government customers, in both the US and abroad. Our exceptionally talented team is highly collaborative in spirit and practice, producing Results that Matter. Come work with the best! We offer opportunity, unique challenges, and clear-sighted commitment to the mission. SPA: Objective. Responsive. Trusted.

The Joint, Office of the Secretary of Defense, Interagency Division (JOID) provides expert support services to a range of customers spanning across the Department of Defense, Federal Civilian, and international markets. JOID provides a diverse portfolio of analytical and programmatic capabilities to help our customers make informed decisions on their most challenging issues.

SPA's NATO Allied Command Transformation Group, within JOID, provides capability development, portfolio management, program management, quality management, cost estimation analysis, standardization, reporting, software solutions and information management, and capability management support. We also provide an improved capability requirements capture process, including the generation, documentation and tracing of user requirements, with appropriate technical scrutiny, over the entire lifecycle of the requirements from capability definition through capability realization and capability usage.

We have a near-term need for a Security Professional (cyber) to provide onsite support in Norfolk, VA.

NATO ACT has adopted Agile DevSecOps principles, emphasizing rapid, iterative delivery cycles and user-driven development. Many capability development efforts are software-intensive, while others integrate hardware and software into larger systems and services. Modern continuous integration and delivery toolsets are applied to ensure transparency, traceability, and responsiveness, allowing solutions to be developed, fielded, and refined quickly while remaining aligned with operational requirements. The growing demand for digital solutions has led to an expanding backlog of projects requiring sustained support. The candidate will join ACT's cross-functional teams, working alongside staff in product-centric development efforts. These teams deliver Minimum Viable Products (MVPs) through rapid development cycles while simultaneously exploring emerging technologies that combine hardware and software integration. This dual-track approach ensures NATO can meet immediate operational needs while also experimenting with nove solutions that strengthen long-term capabilities. To sustain and expand this capability, HQ SACT is seeking contractor support across multiple labor categories, including Solution Architects, DevSecOps Engineers, Full-Stack Developers, UI/UX Designers, Security Professionals, Acquisition and Contracting Specialists, Product Managers, Systems Engineers, Network Engineers, and Service Desk Operators. Contractors will be integrated into ACT teams under the guidance of the Contracting Officer's Technical Representative (COTR), working within an Agile DevSecOps framework to deliver user-centric, operationally relevant solutions at speed. The contractor may be required, at the direction of the COTR, to undertake official travel in support of ACT, both within and outside NATO boundaries, for a maximum of 30 days per year or as otherwise agreed. Provide subject matter expertise in cybersecurity engineering to design and implement secure systems, networks, and applications across NATO environments. Engineer, implement, and monitor technical and organizational security measures for the protection of computer systems, networks, and sensitive information. Identify, define, and document system security requirements, ensuring they align with NATO security standards and operational priorities. Design secure architectures and develop detailed Cybersecurity designs, supporting enterprise-scale solutions and mission-critical systems. Plan, research, and develop security policies, standards, and procedures aligned with NATO standards. Deploy, configure, and monitor advanced security tools and vulnerability management solutions (e.g., Nessus, Prisma, Qualys, Burp Suite, OpenVAS). Integrate security principles into Agile and DevSecOps workflows to ensure security is embedded from the outset of product development. Perform risk assessments using established tools and frameworks, advising stakeholders on mitigation strategies. Conduct incident response planning, disaster recovery preparation, and contribute to forensic investigations where required. Collaborate closely with developers, system administrators, and product managers to ensure security requirements are met throughout the lifecycle. Clearly communicate complex cybersecurity risks and issues to technical teams, leadership, and non-technical audiences.

Required:

• Citizenship of one of the NATO member countries.
• 4+ years of experience, including proven experience engineering, implementing, and monitoring security measures across networks, systems, and applications.
• Demonstrated ability to define, document, and maintain security requirements aligned with organizational goals.
• Experience designing secure enterprise architectures and developing detailed cybersecurity designs.
• Hands-on experience with vulnerability assessment, intrusion detection, firewalls, anti-virus, and content filtering.
• Experience using security tools such as Nessus, Prisma, Qualys, Burp Suite, OpenVAS, or equivalent.
• Experience in risk assessment and security auditing methodologies.
• Experience planning, developing, and maintaining security policies, standards, and procedures.
• Proven track record in system administration across multiple operating systems and platforms.
• Strong communication skills to present complex security issues to peers, management, and leadership.
• Security certifications (CISSP, CISM, Security+, CEH, or equivalent).
• Bachelor's degree in ICT, Information Security, or a related discipline.
• Fluent in English (oral and written).
• Active NATO or National Secret (or higher) clearance.
• Able to work fully onsite based on client needs.