Subject Matter Expert; Secure Enterprise

Position: Subject Matter Expert (Secure the Enterprise)
Amentum is seeking a Subject Matter Expert (SME) 3 for a prime contract.

Essential Responsibilities:

* Serve as Lead Technical Advisor for the Secure the Enterprise (STE) and Zero Trust (ZT) initiatives, working one-on-one with the Government Division Chief and Technical Director and Deputy Authorizing Official to advise on STE/ZT strategies, policies, and performance

* Brief the Chief Information Security Officer and Chief Information Officer on STE data, trends, updates, and changes

* Serve as the highest level of STE technical support to the security community

* Converse, analyze and advise on STE areas of concern to include Transport Layer Security (TLS) versions and cipher suites, Network Flow data (Net Flow and its variants), configuration of network devices, audit data logs (syslog and variants) collection and analysis, user activity monitoring, and other technical areas

* Assist system personnel across the enterprise to maintain the appropriate operational security posture in accordance with STE compliance regulations, policies and playbook guidance for their assigned systems, programs, and/or enclaves

* Provide guidance and technical expertise on all STE requirements that impact or affect the security compliance of the information system

* Assist in the development and execution of an enterprise level STE compliance program that facilitates RMF continuous monitoring to minimize security risks and ensure compliance with that program on a routine basis.

* Manually review submitted evidence and justifications for manual compliance validations, determinations of applicability and exceptions for all STE security controls

* Based on your review, make recommendations to leadership for approval or rejection of requests for exceptions from STE security requirements

* Based on your review and written guidance, approve, or reject requests for manual validation or determination of applicability

* Work with information system personnel to troubleshoot and correct rejected requests for manual compliance validation, determinations of applicability and exceptions

* Review automated STE compliance data for errors or inconsistencies and report findings to leadership

* Assess the effectiveness of general IT and specific STE security controls on an ongoing basis to determine the STE program's effectiveness

* Maintain, develop, and enforce STE security policies, implementation guidelines and customer training for information system personnel in diverse operational environments

* Coordinate with software developers to recommend changes, develop system requirements, and test new implementations

Minimum Requirements (Knowledge, Skills, and Abilities):

* Demonstrate a high-level of independent thought, action and judgement

* Demonstrate a high-level of problem solving and solution development to include designing and developing full-stack data analysis solutions in Python and Django in a Linux server environment, and ability to maintain current applications

* Self-motivated, independent, detail-oriented, responsible team player

* Experience briefing and working with the highest levels of government agency leadership

* Ability to develop cross-organization and interagency relationships and maintain them over time

* A working knowledge of the security authorization processes and procedures as defined in the RMF in NIST SP800-37

* Knowledge of cloud architecture and cloud service providers

* Knowledge of Customer enterprise tools and solutions.

* Ability to effectively communicate with customers of various skill levels to resolve compliance issues

* Ability and willingness to perform deep dive analysis on customer issues to resolve their compliance challenges

* Knowledge of a broad spectrum of commercial security tools and their uses

* Experience with hardware/software security implementations

* Knowledge of different communication protocols, encryption techniques/tools, and PKI and authorization services.

* Familiarity with security incident management, experience collaborating with Incident Response Teams, and able to provide viable recommendations for the resolution or computer security incidents and vulnerability compliance.

*…