Cybersecurity SME

Duties & Responsibilities - The duties and responsibilities described below are typical though not necessarily all inclusive.

• Work closely with T2COM G2 Cybersecurity and IT Services departments to establish and administer appropriate security systems, policies, standards, and procedures in compliance with applicable government directives and guidelines.
• Ensure network security and compliance on business operational network in accordance with Army and DoW polices and best practices.
• Review compliance with DoD 8140, NIST SP 800-53, C&A, POAMS and other audit and security requirements, when applicable, for customer supported infrastructure.
• Maintain inputs to eMASS as the centralized cybersecurity management platform for the full spectrum of cybersecurity management activities.
• Integrate the Risk Management Framework (RMF) process Ensures security policies, standards, and procedures are enforced
• Develop POAMs (Plan of Action and Milestones) for essential tracking of corrective actions that help the government manage and mitigate risks effectively and maintain firewalls and other security and intrusion detection devices.
• Optimize IT infrastructure auditing and monitoring capability to analyze incident and event notifications
• Generate required compliance reports to include RMF authorization packages and DoD Cybersecurity Scorecards that provide visibility of enterprise level cybersecurity posture. and verify COOP/DR capabilities for the business operational network theater wide.
• Update and maintain procedures for operation of secure IT assets
• Establish knowledge sharing, standardized practices and process improvement and review effectiveness of security awareness and education programs for DoD government and contractor employees.
• Maintain awareness of changes to DoD cybersecurity and other applicable policies and update local policies as needed.
• Review system security audit logs on standalone and networked systems.
• Ensure systems are operated, maintained, and disposed of in accordance with DoD and local security policies and procedures.
• Support Information System Incident Response in accordance with the DoD and local Incident Response Plan.
• Support enterprise DevSecOps and SDLC standards for an enterprise application development platform.

Minimum Qualifications

• Six (6) years of experience in cybersecurity, with a proven track record in risk management, threat mitigation, and security strategy development.
• At least 2 years previous experience as an ISSO/ISSM or another organizational equivalent.
• Possess certified DoD 8140 certifications to specific roles within the DoD Cyber Workforce Framework (DCWF). Validated mapping of required skills, certifications, and qualifications and workforce categories/functions of Cybersecurity, Intelligence (Cyberspace) and IT (Cyberspace). CompTIA Security+ (for foundational cybersecurity knowledge); Certified Information Systems Security Professional (CISSP) (for advanced cybersecurity professionals); Certified Ethical Hacker (CEH) (for ethical hacking and penetration testing); and Certified Cloud Security Professional (CCSP) (for cloud security roles).
• Proven oral and written communications skills including presentation development and delivery for clients
• Ability to obtain and maintain an active Top Secret with SCI eligibility 

Preferred Qualifications

• Bachelor’s degree in a Cybersecurity or IT-related field.
• Extensive knowledge of cybersecurity frameworks (e.g., NIST, ISO 27001), compliance regulations, and industry best practices.
• Exceptional communication skills with the ability to convey complex security topics to executive leadership and non-technical stakeholders.
• Experience in leading cybersecurity teams and advising C-level executives on security investments and risk management priorities.
• Advanced knowledge of emerging security technologies, cloud security, and threat intelligence.