Master Cybersecurity SME

Client: Department of Energy (DOE)
Role: Cybersecurity SME – Master
Location: DMV Metropolitan Area
Reports To: BPA PM

Position Overview

A Master Cybersecurity SME to support a DOE – Cybersecurity Assessment & Authorization (A&A) Support Services BPA Task Order. The work location will be at a DOE facility located in the DMV Metropolitan Area.

Responsibilities

The Master Cybersecurity SME will assist DOE leadership with Risk Management and A&A strategy, development, and execution. The SME will:

  • Serve as subject matter expert, possessing in-depth knowledge of the Risk Management Framework and A&A areas, such as cyber security principles, cyber security operations, and cyber security compliance.
  • Possess a detailed understanding of how the various components of IT and cyber security integrate into a unified approach to risk management and cybersecurity for an organization
  • Work closely with System Owners and ISSOs in preparing and executing A&A activities and in developing compliance and security strategies
  • Lead and perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) and agency directives
  • Lead cybersecurity analysis in preparation for A&A, reviewing and validating all associated cybersecurity documentation and technical controls
  • Develop System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation
  • Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
  • Identify potential risks associated with system configurations and advise on mitigation strategies
  • Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
  • Assist in estimating the Level of Effort (LOE) involved in performing A&A activities
  • Assist in developing and implementing detailed test plans, and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
  • Assist customer program offices in interpreting and applying mitigation strategies
  • Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
  • Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies, and report findings in the POA&M document
  • Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
  • Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V
  • Maintain cybersecurity policy and processes as assigned
  • Manage and track systems or programs involved in the A&A process; manage A&A projects on governance tools (as applicable)
  • Participate in the development and implementation of security related directives and guidance for Cybersecurity; Information Technology; and Information Management
  • Promote an environment of continuous process improvement, learning, and team collaboration

Requirements

  • Bachelor’s degree from an accredited university in Computer Science, Software Engineering, Business Administration, Management, or another scientific or technical discipline, or equivalent work experience
  • 10 years of relevant experience
  • Professional cybersecurity certification (e.g. CISSP, CISM, CISA, CEH, Sec+, CCNP, GCIH, GCED, or CASP+)
  • Ability to obtain a Secret (or above) National Security Clearance

Why is this a Compelling Position?

As a Master Cybersecurity SME, you will:

  • Implement and shape key policies and processes to protect government agencies’ data and systems
  • Interface with system owners, operators, and system security officers to deploy and instantiate cybersecurity compliance and risk-based practices, all while leveraging state-of-the-art technologies and approaches
  • Be a trusted member of the security team and a key advisor to system owners and operators in building a culture of risk awareness, cybersecurity compliance, and operations
  • Help our federal agencies protect themselves against our nation’s adversaries and sophisticated cyber threats

For more information, view the full position description here.