Cyber Security (SME)

About The Position

Requirements

• Bachelor’s degree and a minimum of 8 years of relevant cybersecurity experience.
• Must have a CYSA + certification OR CAP, CASP+CE,CISM,CISSP,GSLC, CCISO,HCISPP
• Secret Security Clearance Required

Nice To Haves

• Risk Management Experience a plus.

Responsibilities

• Apply expert-level knowledge of the Risk Management Framework (RMF), including NIST SP 800-53 Revisions 4 and 5, to support security authorization processes and prepare comprehensive ATO submission packages.
• Coordinate with DISA, System Integrators, the Program Office, and Database Administrators to identify, analyze, and remediate system vulnerabilities.
• Perform continuous monitoring of security controls in alignment with the RMF strategy, ensuring ongoing compliance and risk awareness.
• Collaborate with Security Control Assessor (SCA) and Security Control Assessment Representative (SCAR) teams to plan and execute security testing for system releases and authorization activities.
• Support vulnerability management efforts, including implementation and tracking of STIGs, ACAS scans, Fortify static code analysis, and SIEM-based alerting and monitoring.
• Review and analyze system logs and alerts generated by the SIEM to detect potential threats and assess system health.
• Assess newly identified vulnerabilities, initiate appropriate tickets, and manage resolution through the Configuration Management and cyber release processes.
• Work closely with the Compliance Team to support annual FIAR audit activities (e.g., SOC 1, SOC 2), track Audit findings via POA&Ms through resolution.
• Participate in annual cybersecurity evaluations and red/blue team assessments, providing analysis and remediation planning for network, application, and database architecture findings.
• Contribute to AGILE Release Management Integrated Product Teams (IPTs), ensuring cybersecurity requirements are incorporated throughout system development and change processes.
• Develop, review, and maintain cybersecurity policies, program documentation, and PMO guidance to support governance and compliance objectives.
• Lead remediation efforts for vulnerabilities documented in POA&Ms or planned cyber releases, with emphasis on addressing high-risk findings identified by the SCA within defined timelines.
• Provide program leadership with regular updates on the status of open POA&M items, including monthly reporting or as requested.
• Support annual FISMA assessments, incident response activities, and contingency plan testing to maintain security posture and operational readiness.
• Maintain working knowledge of applicable cybersecurity standards, policies, and regulations, including those from NIST, DoD, and other federal entities.