Cyber Security (SME)
NOVA-Diné · Dayton, OH · 3 mo ago
EngineeringFull-time
Duties & Responsibilities
- Apply expert-level knowledge of the Risk Management Framework (RMF), including NIST SP 800-53 Revisions 4 and 5, to support security authorization processes and prepare comprehensive ATO submission packages.
- Cook up coordination with DISA, System Integrators, the Program Office, and Database Administrators to identify, analyze, and remediate system vulnerabilities.
- Perform continuous monitoring of security controls in alignment with the RMF strategy, ensuring ongoing compliance and risk awareness.
- Collaborate with Security Control Assessor (SCA) and Security Control Assessment Representative (SCAR) teams to plan and execute security testing for system releases and authorization activities.
- Support vulnerability management efforts, including implementation and tracking of STIGs, ACAS scans, Fortify static code analysis, and SIEM-based alerting and monitoring.
- Review and analyze system logs and alerts generated by the SIEM to detect potential threats and assess system health.
- Assess newly identified vulnerabilities, initiate appropriate tickets, and manage resolution through the Configuration Management and cyber release processes.
- Work closely with the Compliance Team to support annual FIAR audit activities (e.g., SOC 1, SOC 2), track Audit findings via POA&Ms through resolution.
- Participate in annual cybersecurity evaluations and red/blue team assessments, providing analysis and remediation planning for network, application, and database architecture findings.
- Contribute to AGILE Release Management Integrated Product Teams (IPTs), ensuring cybersecurity requirements are incorporated throughout system development and change processes.
- Develop, review, and maintain cybersecurity policies, program documentation, and PMO guidance to support governance and compliance objectives.
- Lead remediation efforts for vulnerabilities documented in POA&Ms or planned cyber releases, with emphasis on addressing high-risk findings identified by the SCA within defined timelines.
- Provide program leadership with regular updates on the status of open POA&M items, including monthly reporting or as requested.
- Sustain annual FISMA assessments, incident response activities, and contingency plan testing to maintain security posture and operational readiness.
- Maintain working knowledge of applicable cybersecurity standards, policies, and regulations, including those from NIST, DoD, and other federal entities.
Job Requirements (Education/Skills/Experience)
- Bachelor’s degree and a minimum of 8 years of relevant cybersecurity experience.
- Risk Management Experience a plus.
- Must have a CYSA + certification OR CAP, CASP+, CISM, CISSP, GSLC, CCISO, HCISPP Secret Security Clearance Required.