ISSM-Cyber Security SME (TS/SCI W CI Poly)

  • Full-Time
  • Reston, VA
  • Donya Consulting Group
  • Posted 3 years ago – Accepting applications
Job Description

MANDATORY REQUIREMENT: TS/SCI with CI POLYGRAPH

Summary:

The successful Cyber Security SME shall support the customer in ensuring that the Cyber Security Program and information systems adopt and institute DoD and NIST standards and methodologies. The effort will include RMF support for System Managers and the RMF Team in security categorization, security plan, implementation of security controls, and conducting risk assessments. The effort will also include consulting support by providing RMF recommendations, training, and guidance on all aspects of RMF. The successful Cyber Security SME shall have the ability to complete accurate documentation in all Microsoft product formats and to provide information on CS-related topics to the government project manager for use in briefing agency management, CS managers, and system and program managers, as well as their supporting Information System Security Managers (ISSM) and Information System Security Officers (ISSO). This includes performing the risk management framework support services below.

Duties:

· Acts as the primary cybersecurity interface with and advisor to the customer, to include assistance with policy interpretation, devising and/or assessing implementation methods, assessment procedures, cyber engineering solutions, and cyber architectural strategies.

· Acts as overall Cyber SME leadership for the Cybersecurity Team.

· Acts as the Cybersecurity Workstream Lead, providing expert guidance and advice to Cybersecurity Team members consistent with the individual members’ customer direction.

· Establishes minimum team member qualifications, methods to assess individual ISSO qualification status, strategies for workforce improvement, and mentoring programs for new or underqualified ISSOs.

· Provides problem-solving services over a wide range of subjects, both with the Government customers and internal to the cybersecurity team.

Qualifications:

· Bachelor's degree in a mathematics-based technical field such as Computer Science, Computer Engineering, or Electrical Engineering is desired.

· Must have extensive working knowledge and experience implementing the major computer system security components, such as Identification and Authentication, Access Control, Security Audit, and the like, and developing mitigation strategies where those requirements cannot be explicitly met

· Must have extensive knowledge of Network Security protection elements and first-hand experience implementing and monitoring network protection capabilities like Intrusion Detection Systems, Intrusion Prevention Systems, and HBSS, as well as extensive knowledge of network protection techniques using switch, router, and firewall configuration parameters

· Should have working knowledge of database protection techniques; database administrator experience is a plus

· Should have experience in computer programming

· Should have experience with penetration testing and software code checking techniques used in the SCQC function

· Must qualify as an IAT III in accordance with DoD 8570 requirements

· Must qualify as an IAM III in accordance with DoD 8570 requirements, to include at least one senior security certification such as CISSP

· Must have the ability to think inductively to devise procedural or environmental security mitigations where technical solutions are not possible or require unacceptable levels of resources to implement

· Superior verbal and written communication and customer service skills including presenting to senior government officials

· Must have the ability to clearly express thoughts in written documentation that follows all norms of grammar, punctuation, and spelling, as well as technical documentation preparation standards and expectations

· Must also be able to express complex security issues in a manner that can be understood by non-technical and/or security-illiterate personnel

· Must be able to think strategically and avoid getting wrapped up in minor details

· Must have expert knowledge and extensive experience with the DoD RMF Assessment and Authorization process, to include documenting that process using eMASS or another similar automated system such as Xacta. Experience with the DIACAP and DITSCAP processes is desirable

· Must have thorough understanding of and experience with the Federal Information Security Management Act (FISMA) and its reporting requirements

· Must be able to devise acceptable Configuration Management, Incident Response, and Contingency Response programs

· Must be able to manage and direct programs to correct vulnerabilities exposed by the IAVA process, CVPAs, and penetration testing

Job Type: Full-time

Pay: $165,000.00 - $200,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Flexible schedule
  • Health insurance
  • Paid time off
  • Referral program
  • Tuition reimbursement
  • Vision insurance

Security Clearance:

  • Top Secret (Required)

Work Remotely:

  • Temporarily due to COVID-19