Cyber Security (SME)

Diné Development Corporation, Dayton, OH

About The Position

The Cyber Security (SME) supports the full lifecycle of cybersecurity risk management activities for DoD information systems. This role applies expert-level knowledge of the Risk Management Framework (RMF) to ensure systems remain secure, compliant, and authorized to operate. The position collaborates across technical, compliance, and program teams to identify vulnerabilities, support audits, and drive remediation efforts that protect mission-critical systems.

Requirements

  • Bachelor’s degree and a minimum of eight (8) years of relevant cybersecurity experience.
  • Must possess one of the following certifications: CySA+, CAP, CASP+CE, CISM, CISSP, GSLC, CCISO, or HCISPP.
  • Active Secret Security Clearance is required.

Nice To Haves

  • Risk Management Framework (RMF) experience supporting DoD or federal systems.

Responsibilities

  • Apply expert-level knowledge of the Risk Management Framework (RMF), including NIST SP 800-53 Revisions 4 and 5, to support security authorization processes and prepare comprehensive ATO submission packages.
  • Coordinate with DISA, System Integrators, the Program Office, and Database Administrators to identify, analyze, and remediate system vulnerabilities.
  • Perform continuous monitoring of security controls in alignment with the RMF strategy, ensuring ongoing compliance and risk awareness.
  • Collaborate with Security Control Assessor (SCA) and Security Control Assessment Representative (SCAR) teams to plan and execute security testing for system releases and authorization activities.
  • Support vulnerability management efforts, including implementation and tracking of STIGs, ACAS scans, Fortify static code analysis, and SIEM-based alerting and monitoring.
  • Review and analyze system logs and alerts generated by the SIEM to detect potential threats and assess system health.
  • Assess newly identified vulnerabilities, initiate appropriate tickets, and manage resolution through Configuration Management and cyber release processes.
  • Work closely with the Compliance Team to support annual FIAR audit activities (e.g., SOC 1, SOC 2), tracking audit findings through POA&Ms to resolution.
  • Participate in annual cybersecurity evaluations and red/blue team assessments, providing analysis and remediation planning for network, application, and database architecture findings.
  • Contribute to AGILE Release Management Integrated Product Teams (IPTs), ensuring cybersecurity requirements are incorporated throughout development and change processes.
  • Develop, review, and maintain cybersecurity policies, program documentation, and PMO guidance to support governance and compliance objectives.
  • Lead remediation efforts for vulnerabilities documented in POA&Ms or planned cyber releases, with emphasis on resolving high-risk findings within defined timelines.
  • Provide program leadership with regular updates on open POA&M items, including monthly status reporting or as requested.
  • Support annual FISMA assessments, incident response activities, and contingency plan testing to maintain security posture and operational readiness.
  • Maintain working knowledge of applicable cybersecurity standards, policies, and regulations from NIST, DoD, and other federal entities.
  • Perform other related duties as assigned.

Benefits

  • Eligible full-time employees receive a comprehensive benefits package, including medical, dental, vision, life and disability coverage, retirement savings with company match, paid time off, voluntary supplemental benefits, and access to an employee assistance program.
  • The package also includes educational assistance, with tuition reimbursement.