Title:  Cybersecurity Inspections ~ Subject Matter Expert

Location: Alexandria, VA; Washington, DC; Reston, VA; College Park, MD

Clearance: TS/SCI with the ability to obtain and maintain a CI polygraph

Responsibilities:

The Cybersecurity Inspections SME must be able to provide expert guidance and direction to a team of technical reviewers supporting an IC-wide cybersecurity inspection program. In supporting inspections, the SME will:

• Demonstrate experience conducting site inspections or technical system audits
• Demonstrate strong understanding of Insider Threat topics, MITRE ATT&CK Framework, and NIST Security Controls
• Demonstrate excellent analytic, problem solving and decision-making skills, leadership and strong organizational skills, and ability to work directly with executive level client leaders
• Conduct independent, comprehensive assessments of IC agency sites and systems to determine compliance with published IC and agency standards
• Design sustainable risk management and compliance processes and structures in support of the cybersecurity inspection program
• Maintain responsibility for technical area inspection checklist criteria and inspection Tactics, Techniques and Procedures (TTPs)
• Analyze vulnerabilities discovered during site inspections to score risk to data, mission, and community
• Prepare technical recommendations based on the inspection findings that support development of a plan of action and milestones
• Prepare audit briefs that identify technical and procedural findings and provide recommended remediation strategies/solutions
• Develop processes for sharing cybersecurity inspection information with internal and external stakeholders as well as with the compliance team
• Provide support and conduct briefings on behalf of the government customer
• Author white papers, executive summaries, or other informational documents as required

Requirements:

• Bachelor's degree in Cybersecurity, Computer Science, or a related technical discipline, plus 10 years of relevant experience; an additional 4 years of hands-on experience may be substituted in lieu of a degree
• Expert knowledge and understanding of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
• Must have comprehensive understanding of Insider Threat, Host Based Security (HBS), Vulnerability Management, Auditing, Public Key Infrastructure/Enabling (PKI/PKE), Classification Management Tool (CMT), Password Management, User Training, Supply Chain Risk Management (SCRM), Incident Management, Incident Response Planning and Reporting, Physical/Traditional Security
• Demonstrate excellent written and verbal communication skills with ability to brief senior government officials
• Must be willing to travel up to 10-25% (mostly local travel)
• Must possess current DoD 8570 IAT Level III certification
• Current active TS/SCI clearance, with the ability to obtain and maintain a CI polygraph

Equal Opportunity Employer/Veteran/Disabled