Information Security Subject Matter Expert; SME

Information Security Subject Matter Expert (SME)

Join to apply for the Information Security Subject Matter Expert (SME) role at Nooks
.

Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters.

At Nooks, we value innovation, collaboration, and a service-first mindset.

We are seeking a highly specialized and experienced Information Security Subject Matter Expert (SME) to manage, lead, and administer the information security program for Sensitive Compartmented Information (SCI) systems and networks across the entire US Space Force classified enterprise. This critical role protects SCI data from unauthorized access, compromise, disruption, modification, or destruction. The SME serves as the authoritative Information Security resource for the HQ Special Security Officer (SSO) and Information System Security Manager (ISSM), providing guidance on system security planning, compliance with ICD 503 and CNSSI 1253, incident response, and continuous monitoring of classified IT infrastructure.

• System Security Planning and Compliance
• Regulatory Oversight:
  Serve as the Subject Matter Expert for all regulations pertaining to SCI Information Security, including ICD 503 (Security for Information Systems), CNSSI 1253, and relevant DoD/AFMAN directives.
• Vulnerability Management:
  Proactively identify system security vulnerabilities and provide expert recommendations for corrective actions and the implementation of appropriate security controls.
• Policy and Procedure Development:
  Lead the development, implementation, and maintenance of comprehensive security policies, procedures, and guidelines for SCI systems and networks across the enterprise.
• Risk Management Framework (RMF):
  Support the RMF process by ensuring security controls are properly implemented, documented, and assessed to maintain system Authority to Operate (ATO).
• Incident Response and Operations
• Incident Response Leadership:
  Lead and participate in all security incident response activities, including the identification, containment, eradication, and recovery from security incidents impacting SCI systems.
• SOP Development:
  Develop and maintain detailed Standard Operating Procedures (SOPs) for security incident instigation, mitigation, and reporting activities.
• Coordination:
  Coordinate incident response and forensic activities with the ISSM, SSO, command leadership, law enforcement, and other government agencies as required.
• Monitoring and Reporting:
  Stay up-to-date on the latest security threats, vulnerabilities, and technologies to inform defensive strategies.
• Content Review and Security Awareness
• Security Awareness and Training:
  Develop and deliver advanced security awareness training programs to educate personnel on their information security responsibilities. Conduct initial and recurring security briefings for personnel with access to SCI systems and networks.
• Prepublication Reviews:
  Develop and manage SOPs for pre-publication reviews of classified information. Serve as a liaison between the requestor and Subject Matter Experts to ensure timely and compliant reviews are completed.
• Classification Management:
  Serve as a liaison between requestors and Subject Matter Experts to ensure accurate classification level reviews are completed. Maintain the repository of applicable SCI Security Classification Guides (SCGs).
• Compliance, Audits, and Liaison
• Audits and Inspections:
  Lead and coordinate internal self-inspections and serve as the Information Security expert during external government compliance audits and inspections (e.g., DCSA, customer-led) across all USSF sites.
• Compliance Reporting:
  Prepare and submit required security reports. Maintain accurate records of security incidents, investigations, and compliance activities.
• Collaboration:
  
  Work closely with the SSO, Physical Security SME, and Personnel Security SME to ensure a unified and comprehensive security posture.

• Experience:
  
  Minimum 10 years of dedicated professional experience in Information Security, with a significant focus on SCI security and networks within the U.S. Defense Industrial Base or Intelligence Community.
• Clearance:
  Must possess and maintain an Active Top Secret (TS) / Sensitive Compartmented Information (SCI) eligibility security clearance. U.S. Citizenship is required.
• Regulatory Expertise:
  Expert-level, current knowledge of U.S. government Information Security regulations, specifically ICD 503 and CNSSI 1253.
• Technical Knowledge:
  Strong understanding of information security principles,…