Cybersecurity Lead & SME (Active DoD secret/top secret required)- Hybrid

Job Description:

The Cybersecurity Lead Engineer and Subject Matter Expert is responsible for ensuring the security and integrity of information systems within the Defense Information Systems Agency (DISA). This role involves conducting detailed code reviews, implementing security policies, managing security risks, and providing technical leadership in compliance with DISA and DoD guidelines.

What You Will Do:

• Security Policy Implementation: Ensure adherence to DISA's security policies, procedures, and guidelines.
• Code Review: Conduct thorough reviews of code to identify potential security vulnerabilities and ensure compliance with established security standards.
• Documentation: Maintain comprehensive documentation of security assessments and code reviews.
• Risk Management: Evaluate security risks and implement measures to mitigate them effectively.
• Collaboration: Work closely with systems administration and development teams to ensure secure administration and coding practices are followed throughout the software development lifecycle (SDLC).
• Advanced Cybersecurity Tools: Utilize and provide expertise in advanced cybersecurity tools and applications.
• Security Assessments and Audits: Engage in regular security assessments and audits.
• Technical Leadership: Provide technical guidance and mentorship to junior ISSOs and development teams.
• Craft and implement strategies, particularly as they relate to a thorough cybersecurity posture.
• Lead DevSecOps initiatives, integrating security into the software development lifecycle.
• Manage compliance with standards like ISO, NIST, GDPR, and CMMC.
• Drive program risk assessments using the Risk Management Framework (RMF).
• Liaise with program leadership to align programs with government objectives.
• Collaborate with cross-functional teams to integrate services with existing enterprise systems.

What We Need:

• Bachelor s degree in a relevant field or equivalent experience. Relevant training certifications are a plus. In place of a degree, a combination of training certifications and years of experience will be considered.
• 8+ years of experience in cybersecurity.
• 3+ years of experience in information security, particularly in code review and vulnerability assessment.
• Proficiency in programming languages such as Python, Java, and C++ or equivalent.
• Strong understanding of secure coding practices and the SDLC.
• Familiarity with DISA Security Technical Implementation Guides (STIGs) and the Risk Management Framework (RMF) as outlined in DoDI 8510.01.
• Expertise in using cybersecurity tools.
• Experience with security automation tools like Ansible, Chef, or Puppet.
• Familiarity with blockchain, IoT security, and AI/ML applications in cybersecurity.
• Experience in incident response, digital forensics, and handling advanced persistent threats (APTs).
• Excellent writing, editing, and communication skills.
• Proficiency in Microsoft Office (Word, PowerPoint, Excel, Visio) and Adobe Acrobat.
• Ability to communicate findings and recommendations clearly to both technical and nontechnical stakeholders.
• Strong organizational skills and attention to detail.
• Ability to work collaboratively with cross functional teams.
• Strong analytical and problem-solving abilities.
• Adaptability to rapidly changing security landscapes and technologies.

Certifications:

• CISSP, CEH, CISM, CSSLP, DoD 8570.01M IAT Level II or III, or comparable
• Preferred: CCSP, OSCP

Clearance Level:

• DoD Secret clearance or Top secret clearance (U.S. Citizenship is required)