Cybersecurity Subject Matter Expert at MSM Technology, LLC – Alexandria, Virginia
About This Position
Job Summary:
The Cybersecurity Subject Matter Expert (SME) will be responsible for leading and executing the comprehensive cybersecurity program to protect the Agency’s Enterprise Infrastructure. The SME will manage all aspects of security compliance, Risk Management Framework (RMF) activities, and vulnerability management to ensure systems maintain their Authority to Operate (ATO) and are compliant with all DoD and Agency policies.
Core Responsibilities:
- Lead all activities required to maintain current and achieve new ATOs and Authorities to Connect (ATCs) for all Agency systems, utilizing the DoD Risk Management Framework (RMF) in accordance with NIST 800-37 and 800-53A.
- Perform as the System-Level Information System Security Officer (S-ISSO), managing day-to-day security operations and preparing, managing, and maintaining the complete RMF authorization package within eMASS, including the System Security Plan (SSP), control implementation evidence, and related artifacts.
- Direct the vulnerability management program by ensuring all vulnerabilities identified by tools such as ACAS and SCAP are remediated within mandated timelines; develop and manage robust Plans of Action & Milestones (POA&Ms) for any exceptions.
- Oversee and perform Information Assurance Vulnerability Management (IAVM) compliance patching, STIG compliance, and remediation for all IT assets, and report compliance status in accordance with JFHQ-DoDIN guidelines.
- Support all internal and external security reviews, including CSSP vulnerability assessments, Cyber Operational Readiness Assessments (CORA), IG audits, and penetration testing by providing artifacts, expertise, and coordination.
- Actively collaborate with government and development teams on the "System Security Package," conduct annual assessments of eMASS security and privacy controls, and provide technical input for all Privacy Impact Assessments (PIAs) and System of Record Notices (SORNs).
- Ensure application security by applying the Application Security and Development (ASD) STIG, performing secure code reviews, managing code scans, and ensuring remediation of findings before deployment to production.
- Maintain privileged access by ensuring all personnel performing IA functions satisfy DoD IA training, certification (per DoDD 8410-01), and Computing Environment (CE) certification requirements.
- Must have Government IT Contracting experience.
- Must possess five (5) years of experience in the cybersecurity field and experience with executing the Risk Management Framework (RMF).
Must have either:
- A minimum of a bachelor’s degree in a relevant field, or
- Certified Information Systems Security Professional (CISSP) certification with 5 years of experience in the fields of cybersecurity and RMF.
- Must have certifications in any of the cloud disciplines: Microsoft Certified Solutions Expert (MCSE): Cloud Platform and Infrastructure, AWS Certified Solutions Architect, Red Hat Certified System Administrator in Red Hat OpenStack, or any cloud certification that validates that the candidate is eligible to handle high-level and modern data center environments.
Preferred: CISSP
Job Location
This job is located in the Alexandria, Virginia, 22301, United States region.