(640) Cybersecurity Management Specialist IV

About The Position

Requirements

• Must be a U.S. Citizen.
• Ability to obtain/maintain Secret clearance.
• No degree or any degree in a non-directly related field with technical certifications and at least 10 years of relevant experience; or Bachelor’s Degree in a directly related field and at least 7 years of relevant experience.
• Experience supporting Army cybersecurity programs, including direct work with Army Test and Evaluation Command (ATEC) or similar organizations.
• Extensive hands-on experience with tools and solutions such as eMASS, ACAS, HBSS/ESS, SCAP, and experience conducting technical scans, compliance validation, and artifact management in large enterprise environments.
• Relevant experience must be in Information Security or Network/System Administration with demonstrated expertise in DoD regulatory compliance and information security management frameworks, including NIST SP 800-37, NIST SP 800-53, DoD RMF, etc.
• Must be a subject matter expert capable of independently developing and interpreting cybersecurity plans and procedures, conducting incident response, risk assessments, and overall RMF activities from start to finish.
• Must possess one of the following professional certifications: CISSP, CCSP, CISM, CISA, GSLC, or CASP.
• Experience with developing policies, guides, and procedures; experience with Federal and FedRAMP Assessment and Authorization (A&A) processes; and proficiency with vulnerability management and continuous monitoring tools is required.

Nice To Haves

• Demonstrated ability to independently execute and guide all phases of the RMF process for a range of information system types (e.g., connected networks, isolated/standalone, and cloud-based environments)
• Successful record of collaborating with federal stakeholders, authorizing officials, system administrators, and security managers in the development of complex cybersecurity deliverables.
• Experience training, mentoring, or supervising cybersecurity technical staff.
• Strong written and verbal communication skills, including report writing, creating technical guides, policies, and procedures tailored to military or federal customers.
• Additional professional certifications in cybersecurity or risk management (e.g., additional DoD 8140/8570 compliance certifications beyond the minimum requirements) are highly desirable.
• Experience with Army-specific information systems and compliance requirements is a plus.

Responsibilities

• Serve as the primary subject matter expert in the execution, validation, and maintenance of the Army/NETCOM defined Risk Management Framework (RMF) process for assigned systems.
• Create, review, and maintain cybersecurity documentation including policies, procedures, diagrams, hardware/software inventories, security plans, and risk assessments required for ATO packages.
• Register and maintain systems in the Enterprise Mission Assurance Support Service (eMASS) and related Army Portfolio Management Solution (APMS) records.
• Oversee the identification and monitoring of data to assign Confidentiality, Integrity, and Availability (CIA) levels for all in-scope systems.
• Guide the establishment and documentation of proper control inheritance, select controls, and create System Security Plans (SSPs).
• Populate, review, and submit technical artifacts, including scan results at the Control Correlation Identifier (CCI) level, ensuring compliance with quarterly and annual requirements.
• Conduct periodic security audits and assessments, evaluate the effectiveness of implemented security controls, and identify/track areas for improvement.
• Prepare and submit complete and accurate ATO package workflows, ensuring on-time submissions to meet Authorization Termination Dates (ATD) and prevent any lapse in system authorization.
• Oversee the development, tracking, and maintenance of Plans of Action and Milestones (POA&M) for all identified vulnerabilities.
• Guide system administrators in the application of Security Technical Implementation Guides (STIGs), verifying compliance through Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) scans.
• Provide regular and accurate reporting to Government leadership on security compliance, operational posture, and identified risks or vulnerabilities.
• Collaborate with government cyber leads (O-ISSM, P-ISSM) and system administrators to guide and support all RMF-related activities.
• Act as a mentor and source of expert guidance to supporting technical staff, reviewing submitted artifacts, and providing feedback to ensure enterprise requirements are met.
• Support training, compliance, and audit activities as required by contract and Government standards.
• Maintain accurate and up-to-date security plans, risk assessments, incident reports, and other required security documentation in accordance with all contractual data deliverables.
• Ensure all products and solutions administered are documented and maintained in compliance with Department of Defense (DoD), Army, and local cybersecurity guidelines.