Senior Cyber Security SME

About The Position

Requirements

• Bachelor’s Degree in related IT field
• Ability to obtain a U.S. government Security Clearance
• Eight years of IA experience; 3 of which must be FISMA-related
• Experience leading teams of information security professionals
• Demonstrated ability to apply extensive knowledge of a variety of the IA field’s concepts, practices, and procedures to ensure the secure integration and operation of all systems
• Knowledge of NIST SP 800 family of publications, particularly those associated with risk management policy and procedures
• Extensive specialized knowledge of financial audit standards, classified system IA requirements, Privacy Act requirements, or Critical Infrastructure Protection
• Experience with evaluating systems, networks, or infrastructure security controls against requirements such as FISMA, FIPS, and NIST guidelines
• Extensive knowledge and experience with three (3) of the four (4) following criteria: Vulnerability scanning execution, assessment, and analysis Operating system and network knowledge (i.e., Local Area Networks [LAN] and Wide Area Networks [WAN]) Information security and assurance principles (e.g., Defense-in-depth) and associated supporting technologies Application security, database security, and network security
• Demonstrated ability to assess and weigh current and evolving security threats in an operational environment
• Knowledge of DHS Information Security Policy Directives and Handbooks
• Experience with Azure
• Required possession of one or more professional security certifications, including but not limited to: Certified Information System Security Professional (CISSP) Certified Information Systems Auditor (CISA) Certified Ethical Hacker (CEH)

Nice To Haves

• Demonstrated ability to rely on extensive experience and judgment to plan and accomplish goals
• Able to work effectively independently to solve problems quickly and completely
• Ability to lead effectively and direct the work of others
• Experience reporting to , communicating with, and/or collaborating with Federal program stakeholders
• Experience in supporting, monitoring, testing, and troubleshooting hardware and software IA problems
• Excellent oral and written communication skills
• Management experience in leading a team of security professionals

Responsibilities

• Leading a team of ISSOs including prioritizing continuous monitoring schedules , performance management, and customer relationship management
• Ensuring that all ISSOs within the program area are properly trained on ISSO activities
• Providing security-related expertise and mentorship to junior ISSOs within the program area
• Supporting personnel management activities for the program area team
• Ensuring that security requirements for the assigned major application or general support system are being or shall be met.
• Ensuring that requests for security authorization (also referred to as C&A) of assigned major application or general support systems are completed in accordance with the published procedures
• Ensuring that protective measures for physical security threats are in place
• Ensuring compliance with all legal requirements concerning the use of commercial proprietary software, e.g., respecting copyrights and obtaining site licenses
• Maintaining an inventory of hardware and software within the program/development offices or field site facilit ies
• Coordinating the development of a Contingency Plan and ensuring that the plan is tested and maintained
• Ensuring risk analyses are completed to determine cost-effective and essential safeguards
• Ensuring preparation of security plans for sensitive systems and networks
• Attending security awareness and related training programs and distributing security awareness information to the user community as appropriate
• Reporting IT security incidents (including computer viruses) in accordance with established procedures
• Reporting security incidents not involving IT resources to the appropriate security office
• Providing input to appropriate IT security personnel for preparation of reports to higher authority concerning sensitive and/or national security information systems