Cybersecurity SME Senior @ SMX

INACTIVE

Full-Time

Cybersecurity SME Senior

Ts/Sci CI Poly, Fort Meade, MD

Posted on 4/19/2024

SMX

1,001-5,000 employees

Commercial ISR platform with advanced technology

Consulting

Aerospace

Senior, Expert

Odenton, MD, USA

Required Skills

Communications

Requirements

PhD in an area of Science, Technology, Engineering or Mathematics with at least 15 years' experience as a cybersecurity professional
Active TS security clearance and eligible for SCI and NATO read-on prior to starting work
Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work
Must meet DoD 8570 level II certification compliance (i.e. possess one of the following certifications: CompTIA CySA+, CompTIA Security+, CCNA-Security, GICSP, GSEC, SSCP)
15 years' experience with the assessment and accreditation activities of national security systems (NSSs)
10 years' experience validating system security controls
10 years' experience with vulnerability management
10 years' experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides
8 years' experience with RMF and eMASS
5 years' experience with POA&M tracking and resolution
3 years' experience performing the continuous monitoring of system security controls

Responsibilities

Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally-defined personnel includes the ISSO
Actively manages the organization’s eMASS records which includes but is not limited to:
Validates security controls including associated artifacts
Assesses security scan results and STIGs as required
Performs POA&M updates, tracking, and resolution
Leads the continuous monitoring activities of the organization
Manages the day-to-day activities and the professional development of the Cybersecurity Analysts
Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks
Maintain up-to-date status on all assigned systems and communicate status to the Government leads
Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings
Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards
Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data
Create and maintain cybersecurity policies and standards
Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards
Ensures security scans and STIG checklists are updated according to DA G2 policy
Produces actionable, risk-based reports on security assessment results
Assists with vulnerability remediation when necessary
Develops and maintains security plans and security testing plans
Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards
Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems
Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation

SMX is seeking a Cybersecurity SME Senior to support 704th MI BDE at Ft. Meade, MD. The successful candidate will have experience working as an ISSO on large Department of Defense contracts and leading a team of other cyber security professionals in support of project and client goals and objectives.

Responsibilities:

Perform the duties of an Information System Security Officer (ISSO) as defined in AR 25-2, DA 25-2-14, and the NIST SP 800-53 security controls when the organizationally-defined personnel includes the ISSO
Actively manages the organization’s eMASS records which includes but is not limited to:
Validates security controls including associated artifacts
Assesses security scan results and STIGs as required
Performs POA&M updates, tracking, and resolution
Leads the continuous monitoring activities of the organization
Manages the day-to-day activities and the professional development of the Cybersecurity Analysts
Collaborates with the O-ISSM on all assessment and authorization activities to ensure the information systems maintain an authority to operate (ATO) on all applicable DoD/IC networks
Maintain up-to-date status on all assigned systems and communicate status to the Government leads
Maintain complete records of communications, submit written status reports as required, perform peer-review as directed, and attend weekly meetings
Correspond with the Government customer and system administrators to communicate any unacceptable risks identified and correct deficient POA&M items to meet DoD and IC standards
Coordinate with the Security Control Assessor (SCA) to perform analysis of the overall risk level the system poses to enterprise networks and to mission data
Create and maintain cybersecurity policies and standards
Ensure that cybersecurity plans, controls, processes, standards, policies, and procedures are aligned with cybersecurity standards
Ensures security scans and STIG checklists are updated according to DA G2 policy
Produces actionable, risk-based reports on security assessment results
Assists with vulnerability remediation when necessary
Develops and maintains security plans and security testing plans
Periodically updates and improves risk models; metrics; reports; processes; and activities to stay compliant with evolving DoD and IC standards
Ensures the user community understands and adheres to necessary procedures to maintain security posture of the information systems
Provides guidance in the creation and maintenance of Standard Operating Procedures (SOPs); Tactics, Techniques, and Procedures (TTPs); and other similar documentation

Requirements:

PhD in an area of Science, Technology, Engineering or Mathematics with at least 15 years’ experience as a cybersecurity professional OR a Master’s degree in an area of Science, Technology, Engineering or Mathematics with at least 18 years’ experience as a cybersecurity professional OR a Bachelor’s degree in an area of Science, Technology, Engineering or Mathematics with at least 20 years’ experience as a cybersecurity professional
Active TS security clearance and eligible for SCI and NATO read-on prior to starting work
Meet the DoD requirements for a privileged user on a TS/SCI information system prior to starting work
Must meet DoD 8570 level II certification compliance (i.e. possess one of the following certifications: CompTIA CySA+, CompTIA Security+, CCNA-Security, GICSP, GSEC, SSCP)
15 years’ experience with the assessment and accreditation activities of national security systems (NSSs)
10 years’ experience validating system security controls
10 years’ experience with vulnerability management
10 years’ experience with DISA Security Technical Implementation Guides (STIGs), DISA Security Requirements Guide (SRG), and vendor-specific security guides
8 years’ experience with RMF and eMASS
5 years’ experience with POA&M tracking and resolution
3 years’ experience performing the continuous monitoring of system security controls

Desired:

10 years’ experience as an ISSO on Army Intel programs
2 years’ experience with AC2SP tenant assessment and accreditation activities
Previous employment on NSA campus

#LI-TM1 #CJPOST

#LI-Onsite

At SMX®, we are a team of technical and domain experts dedicated to enabling your mission. From priority national security initiatives for the DoD to highly assured and compliant solutions for healthcare, we understand that digital transformation is key to your future success.

We share your vision for the future and strive to accelerate your impact on the world. We bring both cutting edge technology and an expansive view of what’s possible to every engagement. Our delivery model and unique approaches harness our deep technical and domain knowledge, providing forward-looking insights and practical solutions to power secure mission acceleration.

SMX is committed to hiring and retaining a diverse workforce. All qualified candidates will receive consideration for employment without regard to disability status, protected veteran status, race, color, age, religion, national origin, citizenship, marital status, sex, sexual orientation, gender identity or expression, pregnancy or genetic information. SMX is an Equal Opportunity/Affirmative Action employer including disability and veterans.

Selected applicant will be subject to a background investigation.

SMX

View

Website

View Company Profile

SMX specializes in a commercial ISR platform that integrates traditional and non-traditional ISR, leveraging advanced technology, security, compliance, and scalability as standard. The platform focuses on accelerating insights, automation, and mission enablement for better outcomes, value, and agility.

Company Stage

Acquired

Total Funding

N/A

Headquarters

Hollywood, Maryland

Founded

1995

Growth & Insights

Headcount

6 month growth

↑ 3%

1 year growth

↑ 6%

2 year growth

↑ 19%

INACTIVE