Client: Department of Energy (DOE)
Location: DMV Metropolitan Area
Role: Cybersecurity SME – Master
Reports To: BPA PM
A Master Cybersecurity SME is needed to support a DOE Cybersecurity Assessment & Authorization (A&A) Support Services BPA Task Order. The work location will be at a DOE facility located in the DMV Metropolitan Area.
The Master Cybersecurity SME will assist DOE leadership with Risk Management and A&A strategy, development, and execution. The SME will:
- Serve as subject matter expert, possessing in-depth knowledge of the Risk Management Framework and A&A areas, such as cyber security principles, cyber security operations, and cyber security compliance.
- Possess a detailed understanding of the integration of the various components of IT and cyber security in creating an integrated approach to risk management and cybersecurity for an organization
- Work closely with System Owners and ISSOs in preparing and executing A&A activities, and developing compliance and security strategies
- Lead and perform assessment and authorization (A&A) efforts under the NIST Risk Management Framework (RMF) and agency directives
- Lead cybersecurity analysis in preparation for A&A, including review and validation of all associated cybersecurity documentation and technical controls
- Develop System Security Plans (SSPs), Contingency Plans, Business Impact Analyses (BIAs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), Security Assessment Plans (SAPs), and other documentation
- Identify key stakeholders in A&A efforts and ensure system documentation reflects current system security configurations to include hardware and software components, data flow, interconnections, and ports, protocols, and services, etc.
- Identify potential risks associated with system configurations and advise on mitigation strategies
- Participate in A&A status meetings and facilitate moving systems toward a successful A&A effort
- Assist in estimating the Level of Effort (LOE) involved in performing A&A activities
- Assist in developing and implementing detailed test plans and review findings from self-assessments to determine readiness for independent validation and verification (IV&V) assessment
- Assist customer program offices in interpreting and applying mitigation strategies
- Conduct IV&V assessments and analyze test results for accuracy, compliance, and adherence to Federal cybersecurity requirements
- Conduct thorough reviews of all vulnerabilities, architecture, and defense-in-depth strategies and report findings in POA&M documents
- Document residual risks and provide the cybersecurity risk analysis and mitigation determination results
- Produce risk assessment artifacts describing initial risks during system development and residual risks identified during IV&V
- Maintain cybersecurity policy and processes as assigned
- Manage and track systems or programs involved in the A&A process; manage A&A projects on governance tools (as applicable)
- Participate in the development and implementation of security related directives and guidance for Cybersecurity; Information Technology; and Information Management
- Promote an environment of continuous process improvement, learning, and team collaboration
- Bachelor’s degree from an accredited university, or equivalent work experience, in Computer Science, Software Engineering, Business Administration, Management, or another scientific or technical discipline
- 10 years of relevant experience
- Professional cybersecurity certification (e.g. CISSP, CISM, CISA, CEH, Sec+, CCNP, GCIH, GCED, or CASP+).
- Ability to obtain a Secret (or above) National Security Clearance
Why is this a Compelling Position?
As a Master Cybersecurity SME, you will:
- Implement and shape key policies and processes to protect government agencies’ data and systems
- Interface with system owners, operators, and system security officers to deploy and instantiate cybersecurity compliance and risk-based practices, all while leveraging state-of-the-art technologies and approaches
- Be a trusted member of the security team, and a key advisor to system owners and operators in building a culture of risk awareness and cybersecurity compliance and operations.
- Help our federal agencies protect themselves against our nation’s adversaries and sophisticated cyber threats