Cybersecurity Subject Matter Expert (SME)

About The Position

Requirements

• Minimum of ten (10) years of IT experience
• Minimum of ten (10) years of DoD cybersecurity experience
• Minimum of ten (10) years of RMF and NIST A&A experience
• Extensive experience supporting large, complex enterprise environments
• SME-level knowledge of RMF, NIST frameworks, and DoD A&A processes
• Expertise in STIGs, IAVMs, TCG configuration guides, and Task Orders
• Strong experience developing and reviewing cybersecurity artifacts and system documentation
• Ability to interpret ambiguous or evolving cybersecurity guidance
• Experience preparing for and supporting DoD cybersecurity inspections
• Proficiency with Microsoft Excel, Access, Power BI, and Power Platform
• Strong analytical, research, and problem-solving skills
• Ability to generate detailed cybersecurity reports and analytics
• Excellent written and verbal communication skills, including briefing leadership
• Experience working independently and leading teams with minimal oversight
• Knowledge of Cloud, IT, ICS, and OT cybersecurity environments
• Active DoD Secret Clearance required
• Must possess IT-II Non-Critical Sensitive (Tier 3) clearance at time of proposal submission
• DoD 8570 IAT Level III required, which includes one of the following: CompTIA Security+ (CE), CompTIA Cybersecurity Analyst (CySA+), CompTIA SecurityX (formerly CASP+), GIAC Security Essentials Certification (GSEC), and Systems Security Certified Practitioner (SSCP).
• ICS300 or equivalent OT/ICS cybersecurity certification, ACAS, and Tanium certifications required
• Must be eligible to meet DoD 8140 requirements

Responsibilities

• Provide expert technical direction and leadership for cybersecurity initiatives and teams
• Lead and mentor personnel to ensure high-quality cybersecurity deliverables and compliance
• Oversee development, validation, and maintenance of RMF artifacts and documentation
• Conduct security control assessments and authorization reviews for complex systems
• Prepare enterprise environments for DoD cybersecurity inspections (CCRI, CORA, Blue Team)
• Interpret and implement DoD cybersecurity policies, requirements, and guidance
• Develop key system documentation (SSP, CONOPS, IR Plan, Contingency Plan, CMP, etc.)
• Manage end-to-end POA&M lifecycle, including tracking and remediation closure
• Recommend cybersecurity tools and support development of tool requirements and selection criteria
• Assist in development of STIGs based on DISA SRGs
• Generate audit-ready cybersecurity reports, analytics, and trend analysis
• Analyze vulnerability and compliance data to support leadership decision-making
• Support cybersecurity strategy across IT, Cloud, ICS, and OT environments
• Solve complex cybersecurity challenges with innovative and scalable solutions

Benefits

• B&A is proud to offer three robust individual and family medical plans to full time employees, including a Health Savings Account (HSA) option as well as two tiers of dental coverage, vision, life & AD&D, disability, accident, hospital indemnity, and critical illness insurance.
• In addition to these benefits, B&A employees enjoy paid time off, B&A sponsored trainings and certifications, pet insurance benefits, commuter transit benefits and a free subscription to a virtual exercise platform (NEOU).
• B&A’s 401(k) plan is available to all employees and includes a company matching contribution.
• The B&A Cares program: 30/60/90-day wellness check ins, personal development, financial management, and stress management seminars, and more
• A formal mentorship program
• Job shadowing and cross training opportunities
• Brand Ambassador program
• Employee Assistance Program (EAP) - Access to various support resources to include counseling, legal guidance, financial planning, and more
• Monthly teambuilding events
• B&A Annual Wellness Challenges: #StepWithB&A, #WalkDuringLunchWithB&A, #VolunteeringWithB&A, #ExerciseDuringLunchWithB&A, and more