Cybersecurity Subject Matter Expert

Job Description

CSCI Consulting is looking for a Cyber Security Subject Matter Expert to support our DoD client. In this role, the consultant will provide expert support, research and analysis of exceptionally complex problems, and processes relating to them.
Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation, and alternatives to complex problems. Thinks independently and applies advanced technical principles, theories, and concepts to the development of new principles, concepts, and methodologies. Works on unusually complex technical problems and provides highly innovative and ingenious solutions. Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria to include the development of product specific STIGs from applicable DISA SRGs. Works under consultative direction toward predetermined long-range goals and objectives. Assignments are often self-initiated. Determines and pursues courses of action necessary to obtain desired results. Develops advanced technological ideas and guides their development into a final product. Expertise is in the area of cybersecurity and evaluations.

Responsibilities

• Serve as a cybersecurity Subject Matter Expert (SME) with regards to cybersecurity Architecture policies and procedures.
• Provide cybersecurity Management support to the Program Executive Officer (PEO) Program Management Offices (PMO) for emerging information systems through the acquisition lifecycle and where applicable into sustainment.
• Serve as a principal liaison for Enterprise-level boundary defense initiatives to ensure consistent and sufficient identification and implementation of applicable security controls in concert with the cybersecurity and IT architecture.
• Provide oversight for the design and implementation of Enterprise level cybersecurity solutions providing standards for access control capabilities across Enterprise.

Minimum Experience

• Seven (7) years IT experience
• Five (5) years IA experience
• Three (3) years of experience with DOD Vulnerability Management System
• Must have ten (10) years’ experience supporting DoD or Federal Oracle shared service providers on an
  Oracle EBS R12.2 platform or higher.

Minimum Requirements

• Security Clearance:
  • Access Level: IT-2
  • Classifications: DOD SECRET
  • Sensitivity Level: Non-critical Sensitive
  • Type of Investigation: Current Tier 3 (T3) or National Agency Check with Local Agency Check and Credit Check (NACLC) at time of proposal submission.
• DoD 8570.01-M Certification: DFARS 252.239-7001 Information Assurance Contractor Training and Certification is required for this position.
  • IA Technical (IAT)/IA Management (IAM) Level: IAT Level II
  • IA Baseline Certification: Attachment_3_DOD 8570 Approved Baseline Certifications_Full_20210526
  • CE/OS Certificate: Attachment_4_DLA Approved CS CE List_v28_20230221. Certification must be applicable to the Oracle based DAI Application Environment
  • Relevant certification from a nationally recognized technical authority.
• Creativity and adaptability in problem-solving
• Ability to work with clients to understand their needs
• Strong organizational and time-management skills
• Excellent written and verbal communication skills
• Professional presence
• Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks.
• Strong analytical and problem-solving skills for resolving security issues.
• Strong skills implementing and configuring networks and networks components.
• Command Cyber Readiness Inspection certification in at least one of the following areas:
  • Retina scan analysis
  • Operating Systems (Windows, Unix)
  • Boundary defense (network policy, router, firewall)
  • Internal defense (L2 switch, L3 switch)
  • DNS (policy, BIND/Windows)
  • HBSS (remote console, AV, ABM, PA, HIPS, ePO)
  • Traditional security (Common, Basic, NCV, SCV)
  • Wireless communications (BES, handhelds)
• Tenable Certified NESSUS Auditor, IAM level III and IAT level II certifications
• Knowledge and understanding of DOD security regulations, DISA STIGs.
• Strong knowledge of SCAP
• Strong knowledge of RMF
• Excellent knowledge of and proficiency with:
  • VULNERATOR
  • USCYBERCOM CTO Compliance Program
  • Wireless vulnerability assessment
  • Web Services (IIS, Apache, Proxy)
  • Database (SQL Server, Oracle)
  • Email Services (Exchange)
  • Vulnerability Scans (NESSUS, SCCM)
  • Knowledge of Phishing exercises
  • USB Detect
  • Physical Security
• DISA FSO certified CCRI Team Lead and certification in penetration testing, such as:
  • Licensed Penetration Tester (LPT)
  • Certified Expert Penetration Tester (CEPT)
  • Certified Ethical Hacker (CEH)
  • Global Information Assurance Certification Penetration Tester (GPEN)
• Creativity and adaptability in problem-solving
• Ability to work with clients to understand their needs
• Strong organizational and time-management skills
• Excellent written and verbal communication skills
• Professional presence

Preferred Skills

• Ability to work in a team environment, as well as independently
• Strong customer and vendor relationship skills
• Demonstrated ability to comply with data standards and policies
• Motivation to learn new technologies and methodologies that demonstrate value
• Past experience working with a Defense Logistics Agency
• Department of Defense experience is a plus!