Secure Configuration Management (SCM) Subject-Matter Expert / Technical Lead

Posted 21 Days Ago
Bethesda, MD
In-Office
Senior level
Security • Cybersecurity
The Role
Lead enterprise-level efforts in secure configuration management, ensuring compliance with federal standards, while developing and implementing security baselines.
Summary Generated by Built In



Position Title: Secure Configuration Management (SCM) Subject-Matter Expert / Technical Lead

Location: Bethesda, MD | Hybrid - Not Remote

Cybervance is a rapidly growing information security and information technology company based in Washington, D.C., and we are an equal opportunity employer. We design, develop, and manage the successful execution of training programs for government and private sector organizations. Cybervance believes in creating innovative solutions to deliver measured results.

We are seeking a highly experienced Secure Configuration Management (SCM) Subject-Matter Expert (SME) / Technical Lead to lead enterprise-wide efforts in secure baseline development, configuration compliance, and system hardening. The SME will serve as the primary technical authority for defining, implementing, and validating secure configurations across multiple platforms and services in accordance with federal cybersecurity standards, policies, and directives.

The ideal candidate will possess advanced knowledge of configuration management frameworks such as CIS Benchmarks, NIST SP 800-53 Rev. 5, NIST Baseline Checklist Repository, and CISA BOD 25-01 SCuBA Secure Configuration Baselines, along with hands-on experience implementing and maintaining secure configurations across diverse environments.

Responsibilities

  • Lead the design, development, and implementation of secure configuration baselines for enterprise systems, applications, and cloud environments in accordance with federal standards and agency requirements.
  • Assess foundational standards, regulations, and compulsory directives to develop agency-specific configuration baselines and implementation resources (e.g., GPOs, BigFix fixlets, scripts).
  • Develop, maintain, and enforce secure baselines for:
    • Multiple operating systems (Windows, Linux, macOS)
    • Enterprise services and applications (Microsoft 365, AWS, Azure, GCP)
    • Web browsers, databases, and other infrastructure components.
  • Manage enterprise Group Policy Objects (GPOs) and Mobile Device Management (MDM) configurations using tools such as Jamf, BigFix, and Intune.
  • Implement and automate configuration management and deviation tracking using enterprise solutions and scripts.
  • Perform baseline compliance validation using enterprise scanning tools such as Tenable.SC, Nessus, and SCAP.
  • Develop and maintain technical control sets and compliance scanning policies to ensure alignment with configuration baselines.
  • Author technical documentation, including configuration standards, SOPs, workflows, risk assessments, and executive summaries.
  • Facilitate collaborative working groups and configuration management forums, engaging stakeholders across cybersecurity, IT operations, and program offices.
  • Serve as the technical lead and subject-matter expert, guiding teams and stakeholders in implementing secure configuration standards and ensuring enterprise-wide consistency.
  • Conduct risk assessments and provide technical justifications to support risk-based decisions and configuration exceptions.
  • Continuously monitor evolving configuration guidance, frameworks, and federal directives to maintain up-to-date and compliant secure baselines.

Experience

  • Proven experience developing and maintaining secure configuration baselines across diverse operating systems and enterprise services.
  • Advanced knowledge of CIS Benchmarks, NIST SP 800-53 Rev. 5, NIST Baseline Checklist Repository, and CISA BOD 25-01 SCuBA Secure Configuration Baselines.
  • Hands-on experience developing and implementing GPOs, MDM configurations, and automation scripts to enforce security baselines.
  • Proficiency with enterprise configuration and compliance tools, such as Jamf, BigFix, Intune, Tenable.SC, Nessus, or SCAP.
  • Experience leading enterprise-level configuration compliance programs in large-scale or federal environments.
  • Demonstrated ability to collaboratively develop configuration standards that align with mission and business requirements.
  • Strong understanding of Windows, Linux, and macOS operating systems and associated hardening techniques.
  • Familiarity with cloud environments (AWS, Azure, GCP) and secure configuration of cloud services.
  • Expertise in baseline deviation tracking, compliance auditing, and configuration reporting.
  • Proven experience leading multidisciplinary collaboration forums and working groups with diverse technical and policy stakeholders.
  • Excellent written communication and professional technical writing skills, including business justifications, risk management documentation, and executive briefings.
  • Strong interpersonal and leadership skills to guide stakeholders in implementing consistent configuration management practices.

Required Skills & Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
  • Current government security clearance: Public Trust.

Preferred Qualifications

  • Professional certifications such as CISSP, CISM, CISA, or CompTIA Security+.
  • Experience developing automation scripts (e.g., PowerShell, Python, or Bash) to support configuration management.
  • Familiarity with Zero Trust Architecture and integration of secure configuration standards into Zero Trust environments.
  • Experience supporting federal cybersecurity compliance programs or large hybrid enterprise environments.

Top Skills

AWS
Azure
Bash
BigFix
CIS Benchmarks
CISA BOD 25-01
GCP
Intune
Jamf
Nessus
NIST Baseline Checklist Repository
NIST SP 800-53 Rev. 5
PowerShell
Python
SCAP
Tenable.SC

The Company
Kensington, Maryland
29 Employees
Year Founded: 2019

What We Do

Cybervance has a long history of supporting USG agencies in areas related to international capacity building programs. From foreign assistance capacity building to collaboration with partner nations, Cybervance services are comprehensive and turnkey. We provide initial assessments and planning, training across multiple cyber disciplines, equipment installations, operational support and mentoring. All of Cybervance’s services are supported by insightful reporting for program stakeholders needing to stay informed about key issues in plain English, not cyber-speak. Our logistics function handles everything needed for program success, including all equipment procurements, shipping, customs and duties processing, travel, and in-country event support.
Our services are tailored for international delivery. Our team is adept at making in-country, real-time adjustments to address regional and situational dynamics. We understand that cyber programming is part of a larger diplomatic mission, and we focus on achieving tangible programming results.
With an extensive background in law enforcement, our team brings specialized service delivery to cyber-related programs with a criminal or counterterrorism nexus.
