Cyber Security Subject Matter Expert; SME

Job Title: Cyber Security Subject Matter Expert (SME)

Location: Washington, DC

Position Type: Full time

Req : JR100148

We are seeking a highly qualified Cyber Security Subject Matter Expert (SME) to support the Task Order for IT Operations and Cybersecurity Services. The Cyber Security SME will provide senior-level cybersecurity expertise, strategic advisory support, technical analysis, and operational leadership in support of BIS enterprise cybersecurity, compliance, cloud modernization, and zero trust initiatives.

The Cyber Security SME will support the protection of mission-critical systems, applications, cloud environments, and data assets while ensuring compliance with Federal cybersecurity mandates, including FISMA, NIST, Executive Order 14028, OMB guidance, and Department of Commerce security requirements.

* This position is contingent upon contract award.*

• The Cyber Security SME shall provide subject matter expertise and technical leadership across cybersecurity engineering, governance, risk management, compliance, cloud security, incident response, and security operations.
• Cybersecurity Engineering and Risk Management
  • Provide advanced technical knowledge and analysis supporting BIS cybersecurity programs and initiatives.
  • Support implementation and sustainment of Zero Trust Architecture aligned to NIST SP 800-207 and Federal mandates.
  • Design, evaluate, and improve cybersecurity controls, architectures, and security engineering processes.
  • Assess and analyze vulnerabilities, threats, risks, and mitigation strategies across enterprise systems and cloud environments.
  • Conduct risk assessments and provide recommendations for risk remediation and continuous monitoring activities.
  • Support implementation and management of security controls for Microsoft GCC-High and Azure Government environments.
  • Support Identity and Access Management (IAM), Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and endpoint security initiatives.
• Compliance and Assessment Support
  • Develop, review, and maintain cybersecurity documentation, including:
    • System Security Plans (SSPs)
    • Risk Assessments
    • Security Assessment Reports (SARs)
    • Contingency Plans
    • POA&Ms
    • Security Test and Evaluation (ST&E) documentation
    • Vulnerability Assessment Reports
    • Interconnection Security Agreements (ISAs)
  • Ensure compliance with:
    • FISMA
    • NIST SP 800 series
    • OMB cybersecurity guidance
    • Executive Order 14028
    • Federal Zero Trust requirements
    • Department cybersecurity policies
  • Support Security Assessment and Authorization (SAA) activities for agency systems and applications.
  • Participate in internal and external audits, inspections, and assessments.
• Security Operations and Incident Response
  • Support cybersecurity monitoring, threat detection, and incident response activities.
  • Analyze security events, vulnerabilities, and indicators of compromise.
  • Support forensic investigations and incident handling activities.
  • Assist with implementation of threat hunting and intrusion detection capabilities.
  • Support vulnerability management and remediation activities.
  • Coordinate mitigation strategies with system administrators, engineers, and security teams.
• Technical Advisory and Program Support
  • Provide technical consultation and strategic cybersecurity guidance to Government leadership and stakeholders.
  • Participate in technical exchange meetings, working groups, architecture reviews, and program reviews.
  • Analyze data from multiple sources, including open-source intelligence, assessments, and operational reporting.
  • Prepare technical reports, briefings, dashboards, metrics, and executive-level presentations.
  • Assist in developing cybersecurity policies, procedures, standards, and best practices.
  • Support transition planning, knowledge transfer, and continuous improvement initiatives.
• Cloud and Infrastructure Security
  • Support secure cloud migration and modernization efforts.
  • Evaluate cloud-native security technologies and recommend best practices.
  • Assist with implementation of cloud monitoring, logging, encryption, and security automation solutions.
  • Support secure configuration and management of network infrastructure, VPNs, firewalls, and hybrid environments.
  • Ensure secure operation of enterprise infrastructure and cybersecurity tools.
• Other duties as assigned.

• Years of
  
  Experience:
  
  Minimum of eight (8) years of progressive cybersecurity experience supporting Federal IT and cybersecurity environments.
• Education Level: Master's degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or a related technical field.
• Clearance Requirements
  • U.S. Citizenship required.
  • Ability to obtain and maintain a Secret security clearance.
  • Positions may require Top Secret/SCI eligibility depending on assigned duties.
  • Must successfully complete all required background investigations and badging requirements.
• Certification Requirements
  • One or more of the following industry certifications are strongly preferred:
    • CISSP Certified Information Systems Security Professional
    • CISM…