Jobs · Engineering · Ohio

Cyber Security (SME)

NOVA-Diné · Dayton, OH · 3 mo ago
EngineeringFull-time

Duties & Responsibilities

  • Apply expert-level knowledge of the Risk Management Framework (RMF), including NIST SP 800-53 Revisions 4 and 5, to support security authorization processes and prepare comprehensive ATO submission packages.
  • Cook up coordination with DISA, System Integrators, the Program Office, and Database Administrators to identify, analyze, and remediate system vulnerabilities.
  • Perform continuous monitoring of security controls in alignment with the RMF strategy, ensuring ongoing compliance and risk awareness.
  • Collaborate with Security Control Assessor (SCA) and Security Control Assessment Representative (SCAR) teams to plan and execute security testing for system releases and authorization activities.
  • Support vulnerability management efforts, including implementation and tracking of STIGs, ACAS scans, Fortify static code analysis, and SIEM-based alerting and monitoring.
  • Review and analyze system logs and alerts generated by the SIEM to detect potential threats and assess system health.
  • Assess newly identified vulnerabilities, initiate appropriate tickets, and manage resolution through the Configuration Management and cyber release processes.
  • Work closely with the Compliance Team to support annual FIAR audit activities (e.g., SOC 1, SOC 2), track Audit findings via POA&Ms through resolution.
  • Participate in annual cybersecurity evaluations and red/blue team assessments, providing analysis and remediation planning for network, application, and database architecture findings.
  • Contribute to AGILE Release Management Integrated Product Teams (IPTs), ensuring cybersecurity requirements are incorporated throughout system development and change processes.
  • Develop, review, and maintain cybersecurity policies, program documentation, and PMO guidance to support governance and compliance objectives.
  • Lead remediation efforts for vulnerabilities documented in POA&Ms or planned cyber releases, with emphasis on addressing high-risk findings identified by the SCA within defined timelines.
  • Provide program leadership with regular updates on the status of open POA&M items, including monthly reporting or as requested.
  • Sustain annual FISMA assessments, incident response activities, and contingency plan testing to maintain security posture and operational readiness.
  • Maintain working knowledge of applicable cybersecurity standards, policies, and regulations, including those from NIST, DoD, and other federal entities.

Job Requirements (Education/Skills/Experience)

  • Bachelor’s degree and a minimum of 8 years of relevant cybersecurity experience.
  • Risk Management Experience a plus.
  • Must have a CYSA + certification OR CAP, CASP+, CISM, CISSP, GSLC, CCISO, HCISPP Secret Security Clearance Required.

Similar jobs

Cyber Security (SME)

Diné Development CorporationDayton, OH· 3 mo ago
Engineeringapply on ddc-dine-careers.icims.com

Cyber Security SME

TENICA Global SolutionsHerndon, VA· 26 mo ago
Engineeringapply on tenica.hrmdirect.com

Cybersecurity SME

Lucayan Technology Solutions LLCTampa, FL· 2 mo ago
Engineeringapply on ats.rippling.com

Cybersecurity SME

KBR CareersDulles, VA· 4 days ago
Engineering$176k–$215k/yrapply on careers.kbr.com