Job Description:

The Cybersecurity SME is responsible for maintaining an appropriate level of confidentiality, integrity, authentication, non-repudiation, and availability that reflects a balance among the importance and sensitivity of the information and information assets; documented threats and vulnerabilities; the trustworthiness of users and interconnecting systems; and the impact of impairment or destruction to the DoD information system.

Candidate must have cybersecurity expertise necessary to ensure the products under the cognizance of the program comply with current and/or successor versions of the Federal Information Security Management Act of 2002 [Federal Information Security Management Act (FISMA), 44 U.S.C. § 3541], DoD Directives (DoDDs), DoD Instructions (DoDIs), Army policies, and regulations regarding net-readiness. The candidate will be responsible for preparing and obtaining approval of Certification and Accreditation documentation in accordance with the PEO IEW&S direction, DoDD 8500, DoDI8510.01, and the Risk Management Framework (RMF). Additional activities include:

Required Skills:

• Prepare and maintain all Certification & Accreditation(C&A) artifacts and documentation for the program’s products and systems in accordance with DoD and Army Instructions, Directives, Policies, and Regulations.
• Input and maintain artifacts for the program’s products and systems into the Enterprise Mission Assurance Support Service (eMASS).
• Execute the Information Assurance Vulnerability Management (IAVM) process to ensure dissemination, reporting, and compliance.
• Provide engineering and technical assistance to support vulnerability scans, penetration testing, vulnerability analysis, scan analysis, and security analysis on the program’s products and network components.
• Execute and analyze information from required scanning tools (e.g. Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), as well as commercial products, such as Fortify and CAST).
• Execute all other Cybersecurity monitoring and reporting to ensure compliance to include the development and maintenance of POA&Ms.
• Track and report on all mandated Cybersecurity training and certification requirements compliance within the program and ensure all Cybersecurity personnel meet and maintain all required training and certifications as directed in DoD 8570.01-M and AR 25-1.
• Comply with DoD 8570.01-M, Change 1 paragraph C2.1.7: “The IA workforce training and certification program establishes a baseline of validated (tested) knowledge that is relevant, recognized, and accepted across the Department of Defense.

Education and Certification:

• Bachelor’s degree with at least five (5) years of relevant experience in the application of Cybersecurity on large complex information systems. An additional five years of experience may be substituted for a degree
• Information Assurance (IA) and Cybersecurity training and certifications as directed in DoD 8570.01, the Army’s IA Training and Certification Best Business Practices

Optional Skills:

• Ability to meet the requirements outlined in DoD 8570.01-Manual(M) Baseline Certification for an Information Assurance Manager (IAM) Level III
• Knowledge and experience with the following Cybersecurity products; Assured Compliance Assessment Solution (ACAS), Enterprise Mission Assurance Support Service (eMASS), Host Based Security System (HBSS), Windows Server Update Services (WSUS).
• Strong analytical and problem-solving skills
• Must be able to work in a team and as in individual contributor
• Ability to work under tight deadlines and handle multiple/detail-oriented tasks
• Strong self-organization and self-management skills, with emphasis on self-initiation and follow through
• Excellent written and oral communication skills