Cybersecurity Lead

About The Position

Requirements

• Minimum of 8 years with BS/BA; Minimum of 6 years with MS/MA; Minimum of 3 years with PhD
• Clearance: TS/SCI (active)
• Education / Training / Certification: Candidate must meet ONE: Master’s or Ph.D. in Computer Science, Cybersecurity, Data Science, Information Systems, Information Technology, or Software Engineering; OR Relevant DoD/Military training (e.g., 4C‑FA26A, M09CHN1, A‑531‑0009, Information Systems Security Manager (Advanced) Playlist); OR Relevant certifications (see list below).
• Experience: Progressive cybersecurity experience, with at least 3 years in senior technical/lead roles supporting enterprise or DoD mission environments.
• Demonstrated expertise: RMF lifecycle, security control implementation/assessment, incident response, vulnerability management, cloud security, STIG/STIG-equivalent application, and security architecture.
• Strong communication and leadership skills for cross-functional coordination and senior‑leader briefings.
• Acceptable Certifications (one or more preferred) CISM, CISSP, CISSP‑ISSMP, FITSP‑M, GCIA, GCIH, GICSP, GSLC, or equivalent advanced security certifications

Nice To Haves

• Prior DoD/Army/ARNG cybersecurity leadership experience
• Experience with cloud security (AWS/Azure/GCP), DevSecOps, SIEM/SOAR, EDR/XDR, IAM/Privileged Access Management
• Experience leading ATO efforts and coordinating with AOs, SCA/3PAOs, and CSO offices
• Experience with classified environments and secure enclave operations

Responsibilities

• Develop and govern enterprise cybersecurity strategy, policies, standards, and technical baselines aligned with RMF, NIST SPs, FISMA, DoDI, and Army guidance.
• Architect and implement security controls for networks, applications, cloud services, and mission systems; drive hardening, STIG/STIG-equivalent compliance, and secure configuration management.
• Oversee vulnerability management, threat/hunt analysis, incident response coordination with SOC/CIRT, and remediation tracking.
• Lead RMF/authorization activities: system security plans (SSP), security control implementation, assessment artifacts, POA&Ms, and ATO coordination.
• Implement zero‑trust, IAM, endpoint protection, EDR, network protections, logging/monitoring, and automated security orchestration where appropriate.
• Conduct risk assessments, security architecture reviews, and design reviews; advise engineering and cloud teams on secure design and mitigations.
• Drive continuous monitoring, metrics/KPIs, audit readiness, and cybersecurity maturity assessments.
• Evaluate emerging technologies, recommend architectural improvements, and lead security tool deployments and integrations.
• Produce decision‑grade briefings, status reports, and remediation recommendations for senior leadership.