Cybersecurity Subject Matter Expert Lead (59834)
BMA · Virginia, United States · 3 wk ago
RemoteRemoteEngineeringFull-time
Job Summary
BMA is seeking a Cybersecurity Subject Matter Expert (CS SME) – Lead to support the DLA JETS Cybersecurity Policy and Oversight Support Services (CPOSS) program. This is a fully remote position and contingent on contract award.
Responsibilities
- Enterprise Cybersecurity Technical Leadership
- Provides senior-level technical advice to the DLA cybersecurity assessment and oversight program, providing expert interpretation of cybersecurity policies, standards, and technical requirements.
- Provides authoritative guidance on complex cybersecurity issues involving enterprise systems, networks, applications, enclaves, and emerging technologies.
- Analyzes highly complex cybersecurity challenges and recommends innovative solutions that balance mission requirements, operational risks, and regulatory compliance.
- Risk Management Framework (RMF) and Cybersecurity Assessment Expertise
- Provides subject matter expertise on implementation and governance of the DoDI 8510.01 Risk Management Framework for DoD IT across DLA information systems.
- Advises government stakeholders on security control validation, risk assessments, and authorization readiness determinations.
- Supports development of enterprise-level recommendations regarding residual risk acceptance and cybersecurity posture improvements.
- Cybersecurity Tools, Standards, and Architecture Support
- Evaluates cybersecurity tools and technologies to support enterprise security assessment, monitoring, and compliance activities.
- Recommends cybersecurity software solutions and assists in defining functional and technical requirements for tool selection.
- Supports development of product-specific Security Technical Implementation Guides (STIGs) based on Defense Information Systems Agency Security Requirements Guides (SRGs).
- Provides technical leadership in evaluating network security architectures, vulnerability assessment methodologies, and cybersecurity implementation strategies.
- Enterprise Cybersecurity Policy and Methodology Development
- Contributes to the development of new cybersecurity principles, methodologies, and governance practices that improve the DLA enterprise cybersecurity program.
- Provides expert guidance in the development and refinement of enterprise cybersecurity policies, directives, and standard operating procedures supporting the CPOSS program.
- Supports the development of advanced cybersecurity concepts and technical approaches that strengthen enterprise security posture and compliance with DoD cybersecurity regulations.
- Strategic Analysis and Innovation
- Conducts research and analysis of emerging cybersecurity threats, technologies, and best practices relevant to the DLA mission environment.
- Develops innovative approaches for improving cybersecurity assessment processes, continuous monitoring practices, and enterprise risk management strategies.
- Identifies opportunities to enhance cybersecurity oversight capabilities through improved tools, automation, analytics, and governance frameworks.
- Senior-Level Advisory and Communication Support
- Provides expert written and oral briefings to senior government leadership regarding cybersecurity risks, program status, and recommended solutions.
- Prepares technical reports, white papers, and presentations addressing enterprise cybersecurity challenges.
Required Skills & Certifications
- Current DoD 8670.01/8140 IAM Level III certification that includes one or more of the following: ISACA CISM, ISC2 Certified Information Systems Security Professional (CISSP), GIAC/SANS GIAS Security Leadership Certification (GSLC), or EC-Council Certified Chief Information Security Officer (CCISO).
- 7+ years of Information Technology experience.
- 5+ years of Information Assurance / Cybersecurity experience.
- Demonstrated expertise in cybersecurity assessment methodologies, risk analysis, and enterprise cybersecurity governance.
- Strong analytical and problem-solving skills with the ability to resolve complex cybersecurity challenges.
- In-depth knowledge of DoD cybersecurity regulations and guidance, including RMF implementation.
- Strong familiarity with Defense Information Systems Agency STIGs and Security Requirements Guides (SRGs).
- Demonstrated ability to develop and evaluate cybersecurity technologies, architectures, and security solutions.
- Exceptional technical leadership and independent decision-making ability.
- Ability to translate complex cybersecurity issues into clear, actionable guidance for senior leadership.
- Strong written and oral communication skills capable of supporting executive-level briefings.
- Proven ability to innovate and develop new cybersecurity concepts, processes, and technical solutions.
- Demonstrated ability to work independently toward long-range cybersecurity program objectives.