Cybersecurity Lead

About The Position

Requirements

• Must possess and maintain an active Secret Clearance
• 7 years of experience in cybersecurity operations
• Certified Information Systems Security Professional (CISSP) Certification

Nice To Haves

• Experience in Artificial Intelligence (AI) and Machine Learning (ML) for predictive analytics and threat detection.
• Experience in Zero Trust Architecture for enhanced cybersecurity.
• Experience in Containerization technologies (e.g., Docker, Kubernetes) for scalable application deployment.
• Experience in Advanced cloud solutions (e.g., serverless computing, hybrid cloud models).

Responsibilities

• Lead RMF Implementation: Direct and execute all six phases of the Risk Management Framework (RMF) lifecycle to ensure compliance with Department of the Navy (DON) standards, DoDI 8510, and DoDI 8500.01.
• Manage Assessment and Authorization (A&A): Guide Assessment and Authorization processes, assisting the Package Submitting Office (PSO) with assessment packages managed within eMASS.
• Ensure FISMA Compliance: Provide strategic assistance to the Echelon I Information System Security Manager (ISSM) to maintain current FISMA compliance for approximately thirty systems and various applications.
• Provide FQNV Validation Services: Deliver master-level validation services as a Fully Qualified Navy Validator (FQNV) to guarantee compliance with Navy Authorizing Officials (NAO) and Security Control Assessor (SCA) guidelines.
• Track and Report POA&Ms: Monitor and report on A&A packages and Plan of Action and Milestones (POA&Ms) in eMASS to track the timely closure of open security control findings.
• Manage Security Documentation: Create and maintain formal process documentation, meeting minutes, collaboration records, and internal cybersecurity knowledge base updates to support the Navy SCA liaison and NAO review processes for obtaining Authorities to Operate (ATOs).
• Conduct Vulnerability Management: Serve as the computer network vulnerability testing agent. Analyze Assured Compliance Assessment Solution (ACAS) scan results and monitor the Microsoft Defender for Endpoint (MDE) dashboard on a weekly basis to ensure accurate threat data.
• Administer IAVM Program: Act as the Information Assurance Vulnerability Management (IAVM) agent, reviewing the Vulnerability Remediation Asset Manager (VRAM) daily and reporting compliance status to government personnel.
• Perform Web Risk Assessments (WRA): Conduct web risk analysis on all systems and applications to ensure compliance with DoD/DON guidance, protecting operational security and data privacy.
• Oversee System Registrations: Assist the Information Security Manager (IAM) and Program Managers with reporting compliance and asset registration within the DON Application and Database Management System (DADMS) and DoD IT Portfolio Repository (DITPR-DON).
• Deliver Consistent Reporting: Provide daily A&A updates, weekly activity reports, biweekly system status reports, and monthly POA&M summaries to government stakeholders.