Oversee the implementation and application of technologies, processes, and practices designed to protect applications, networks, devices, programs, and data from malicious attack, damage, or unauthorized access.
Maximize the use of existing tools to correlate information and synthesize data into actionable intelligence for incident response and overall cybersecurity situational awareness.
Identify, assess, and integrate new technologies to enhance cybersecurity defenses, and conduct in-depth research on emerging cybersecurity technologies, practices, policies, and procedures.
Communicate complex technical concepts and project details clearly to both technical and non-technical stakeholders at varying levels, providing situational awareness and facilitating informed decision-making by government leadership.
Provide expert insight into industry trends and make strategic recommendations for the future direction of the program’s cybersecurity systems and network defenses, ensuring effective incident response capabilities.
Support other cybersecurity initiatives, including patch and vulnerability management, network monitoring, intrusion detection/prevention, and log analysis.
Identify and recommend mitigations for identified threats, vulnerabilities, and capability shortfalls, ensuring continuous protection.
Develop and manage Plans of Action and Milestones (POA&M) in support of risk mitigation strategies.
Review and provide recommendations on program-level documentation (e.g., system architecture, design documents, test plans, security plans, POA&Ms).
Requirements
Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field, or equivalent professional experience.
At least 10 years of experience working in cybersecurity risk management, with at least 5 years of experience working in cybersecurity risk management for the Department of Defense or another federal government agency.
Demonstrated ability to deliver high-value technical and strategic deliverables, including reports, presentations, executive summaries, white papers, and decision-support materials for senior leadership.
In-depth understanding of DoD cybersecurity frameworks, including DoD Cloud Computing Security Requirements Guide (CC SRG) and Secure Cloud Computing Architecture (SCCA).
Strong familiarity with DoD, NIST, FIPS, FISMA, and FedRAMP cybersecurity standards and frameworks.
At least 7 years of experience with cybersecurity tools, including Security Information and Event Management (SIEM) platforms (e.g., ArcSight, ELK Stack, Splunk), Host-Based Intrusion Prevention Systems (HBSS/ESS), and Vulnerability Management Tools (e.g., ACAS, Tenable Nessus).
Understanding of Security Technical Implementation Guides (STIG) and Security Requirements Guides (SRG).
Must hold an active Secret Security Clearance; U.S. citizenship is required.
Must possess or obtain within 6 months of hire the following certification(s) depending on role: For ISSM role: IAM III Certification (CISSP, CSSLP, GSLC, CCISO). For technical cybersecurity role: IAT III Certification (CISSP, CASP+, CCNP Security, CISA, GCED, GCIH, CCSP).