Cybersecurity SME - G6 (Ft. Belvoir, VA) (3961)

SMX is seeking a Cybersecurity Subject Matter Expert to support at Ft. Belvoir as a trusted advisor to senior leadership, by providing expert guidance on information assurance and cybersecurity.

Responsibilities & Essential Duties

• Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when organizationally defined personnel include the ISSO.
• Actively manages the organization’s Risk Management Framework (RMF) processes which includes but is not limited to:
  • Validates security controls including associated artifacts
  • Assesses security scan results and STIGs are required
  • Performs POA&M updates, tracking, and resolution
• Leads the continuous monitoring activities of the organization
• Manages the day-to-day activities and the professional development of the Cybersecurity Analysts
• Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operation (ATO) on all applicable DoD/IC networks
• Main up-to-date status on all assigned systems and communicate status to the Government leads.
• Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings.
• Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards.
• Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data.
• Create and maintain cybersecurity policies and standards.
• Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards.
• Ensures security scans and STIG checklists are updated according to DA G2 policy.
• Produces actionable, risk-based reports on security assessment results.
• Assists with vulnerability remediation when necessary.
• Develops and maintains security plans and security testing plans.
• Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards.
• Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems.
• Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation.

Required Skills and Experience

• Bachelor’s degree in an area of Science, Technology, Engineering or Mathematics with at least 5 years’ experience as a cybersecurity professional.
• Active TS security clearance and eligible for SCI and NATO read-on prior to starting work.
• Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work – DoD 8140 / 8570.01-m requirements - IAT II
• 7 years’ experience with the assessment and accreditation activities of national security systems (NSSs)
• 5 years’ experience validating system security controls.
• 5 years’ experience with vulnerability management.
• 4 years’ experience with DISA Security Technical Implementation Guides (STIGs); DISA Security Requirements Guide (SRG), and vendor-specific security guides.
• 4 years’ experience with RMF and eMASS.
• 2 years’ experience with POA&M tracking and resolution.
• 1 years’ experience performing the continuous monitoring of system security controls.

Desired Qualifications

• 5 years’ experience as an ISSO on Army Intel programs.
• 1 years’ experience with AC2SP tenant assessment and accreditation activities.

Application Deadline: December 16, 2024

#LI-KH1  #CJPOST

#LI-onsite