Cybersecurity SME Senior (TS/SCI) (4938) (Ft. Meade, MD)

About The Position

Requirements

• PhD in an area of Science, Technology, Engineering or Mathematics with at least 15 years’ experience as a cybersecurity professional OR a Master's degree in an area of Science, Technology, Engineering or Mathematics with at least 18 years’ experience as a cybersecurity professional OR a Bachelor’s degree in an area of Science, Technology, Engineering or Mathematics with at least 20 years’ experience as a cybersecurity professional
• Active TS/SCI (with willingness to submit to a CI Poly)
• Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work
• Must meet DoD 8570 level II certification compliance (i.e. possess one of the following certifications: CompTIA CySA+, CompTIA Security+, CCNA-Security, GICSP, GSEC, SSCP)
• 15 years’ experience with the assessment and accreditation activities of national security systems (NSSs)
• 10 years’ experience validating system security controls
• 10 years’ experience with vulnerability management
• 10 years’ experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides
• 8 years’ experience with RMF and eMASS
• 5 years’ experience with POA&M tracking and resolution
• 3 years’ experience performing the continuous monitoring of system security controls

Nice To Haves

• 10 years’ experience as an ISSO on Army Intel programs
• 2 years’ experience with AC2SP tenant assessment and accreditation activities
• Previous employment on NSA campus

Responsibilities

• Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally-defined personnel includes the ISSO
• Actively manages the organization’s eMASS records which includes but is not limited to: Validates security controls including associated artifacts, Assesses security scan results and STIGs as required, Performs POA&M updates, tracking, and resolution
• Leads the continuous monitoring activities of the organization
• Manages the day-to-day activities and the professional development of the Cybersecurity Analysts
• Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks
• Maintain up-to-date status on all assigned systems and communicate status to the Government leads
• Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings
• Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards
• Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data
• Create and maintain cybersecurity policies and standards
• Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards
• Ensures security scans and STIG checklists are updated according to DA G2 policy
• Produces actionable, risk-based reports on security assessment results
• Assists with vulnerability remediation when necessary
• Develops and maintains security plans and security testing plans
• Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards
• Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems
• Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation

Benefits

• At SMX, one of our Core Values is to Invest in Our People so we offer a competitive mix of compensation, learning & development opportunities, and benefits. Some key components of our robust benefits include health insurance, paid leave, and retirement.