Cybersecurity Lead

About The Position

Requirements

• A DoD TS/SCI clearance is required.
• 8+ years’ experience in cybersecurity for intelligence systems.
• CISSP certification.
• Expertise in security architecture, RMF compliance, and security engineering.
• Deep understanding of compliance frameworks such as NIST or ISO/IEC 27001.
• Experience working with or in the Intelligence Community (IC).
• Scaled Agile Framework (SAFe) Agilist or Certified Scrum Master (CSM) certification.

Nice To Haves

• Experience managing a cybersecurity team consisting of cybersecurity engineers, ISSOs and ISSMs.
• Experience with developing, testing, and sustaining a secure solution in dynamic, rapidly evolving multi-cloud and multi-security enclave environments.
• Experience managing a team responsible for developing and implementing enterprise security policies and practices.
• Experience assessing and planning for compliance with DoD Zero Trust in accordance with the DoD Zero Trust Strategy and DoD Zero Trust Reference Architecture.

Responsibilities

• Oversee cybersecurity measures for applications within an agile software environment.
• Design and develop new systems, applications, and solutions for enterprise-wide cyber systems and networks.
• Ensure system security needs are established and maintained for operations development, security requirements definition, security risk assessment, systems analysis, systems design, security test and evaluation, certification and accreditation, systems hardening, vulnerability testing and scanning, incident response, disaster recovery, and business continuity planning.
• Provide analytical support for security policy development and analysis.
• Integrate new architectural features into existing infrastructures, designs cyber security architectural artifacts, provide architectural analysis of cyber security features, and relate existing system to future needs and trends, embeds advanced forensic tools and techniques for attack reconstruction, provides engineering recommendations, and resolves integration and testing issues.
• Manage the assessment and authorization (A&A) efforts for accrediting and reaccrediting system authorizations.
• Perform vulnerability scanning to uncover any potential security concerns within the information systems.
• Work closely with stakeholders to ensure seamless decommissioning and accreditation of replacement systems with no downtime.
• Conduct technical exchange meetings (TEMs) and liaise with key departments to facilitate A&A efforts.
• Track and manage Plan of Action and Milestones (POAMs) across all systems, ensuring completion and recommending remediation steps.
• Conduct system self-scans to support initial, update, and reaccreditation efforts.
• Perform technical planning, system integration, verification and validation, and risk assessments.
• Develop and document security evaluation test plans and procedures.
• Provide documentation and recommendations for security best practices and risk management framework (RMF) accreditation.
• Drive application security and secure software development lifecycles, including containerization security as per NIST SP 800190.
• Conduct hands-on security testing, analyze test results, and recommend countermeasures.
• Provide guidance on cloud computing services, deployment architecture, and network management tools.