Cyber Security Subject Matter Expert (SME)

We are seeking a highly qualified Cyber Security Subject Matter Expert (SME) to support the Task Order for IT Operations and Cybersecurity Services. The Cyber Security SME will provide senior-level cybersecurity expertise, strategic advisory support, technical analysis, and operational leadership in support of BIS enterprise cybersecurity, compliance, cloud modernization, and zero trust initiatives.

The Cyber Security SME will support the protection of mission-critical systems, applications, cloud environments, and data assets while ensuring compliance with Federal cybersecurity mandates, including FISMA, NIST, Executive Order 14028, OMB guidance, and Department of Commerce security requirements.

*This position is contingent upon contract award.*

Responsibilities:

• The Cyber Security SME shall provide subject matter expertise and technical leadership across cybersecurity engineering, governance, risk management, compliance, cloud security, incident response, and security operations.

Specific responsibilities include:

• Cybersecurity Engineering and Risk Management
  • Provide advanced technical knowledge and analysis supporting BIS cybersecurity programs and initiatives.
  • Support implementation and sustainment of Zero Trust Architecture aligned to NIST SP 800-207 and Federal mandates.
  • Design, evaluate, and improve cybersecurity controls, architectures, and security engineering processes.
  • Assess and analyze vulnerabilities, threats, risks, and mitigation strategies across enterprise systems and cloud environments.
  • Conduct risk assessments and provide recommendations for risk remediation and continuous monitoring activities.
  • Support implementation and management of security controls for Microsoft GCC-High and Azure Government environments.
  • Support Identity and Access Management (IAM), Role-Based Access Control (RBAC), Multi-Factor Authentication (MFA), and endpoint security initiatives.
• Compliance and Assessment Support
  • Develop, review, and maintain cybersecurity documentation, including:
    • System Security Plans (SSPs)
    • Risk Assessments
    • Security Assessment Reports (SARs)
    • Contingency Plans
    • POA&Ms
    • Security Test and Evaluation (ST&E) documentation
    • Vulnerability Assessment Reports
    • Interconnection Security Agreements (ISAs)
  • Ensure compliance with:
    • FISMA
    • NIST SP 800 series
    • OMB cybersecurity guidance
    • Executive Order 14028
    • Federal Zero Trust requirements
    • Department cybersecurity policies
  • Support Security Assessment and Authorization (SAA) activities for agency systems and applications.
  • Participate in internal and external audits, inspections, and assessments.
• Security Operations and Incident Response
  • Support cybersecurity monitoring, threat detection, and incident response activities.
  • Analyze security events, vulnerabilities, and indicators of compromise.
  • Support forensic investigations and incident handling activities.
  • Assist with implementation of threat hunting and intrusion detection capabilities.
  • Support vulnerability management and remediation activities.
  • Coordinate mitigation strategies with system administrators, engineers, and security teams.
• Technical Advisory and Program Support
  • Provide technical consultation and strategic cybersecurity guidance to Government leadership and stakeholders.
  • Participate in technical exchange meetings, working groups, architecture reviews, and program reviews.
  • Analyze data from multiple sources, including open-source intelligence, assessments, and operational reporting.
  • Prepare technical reports, briefings, dashboards, metrics, and executive-level presentations.
  • Assist in developing cybersecurity policies, procedures, standards, and best practices.
  • Support transition planning, knowledge transfer, and continuous improvement initiatives.
• Cloud and Infrastructure Security
• Support secure cloud migration and modernization efforts.
• Evaluate cloud-native security technologies and recommend best practices.
• Assist with implementation of cloud monitoring, logging, encryption, and security automation solutions.
• Support secure configuration and management of network infrastructure, VPNs, firewalls, and hybrid environments.
• Ensure secure operation of enterprise infrastructure and cybersecurity tools.
• Other duties as assigned.

Qualifications:

• Years of Experience: Minimum of eight (8) years of progressive cybersecurity experience supporting Federal IT and cybersecurity environments.
• Education Level: Master’s degree (MS/MA) in Cybersecurity, Information Technology, Computer Science, Information Assurance, Engineering, or a related technical field.
• Clearance Requirements:
  • U.S. Citizenship required.
  • Ability to obtain and maintain a Secret security clearance.
  • Positions may require Top Secret/SCI eligibility depending on assigned duties.
  • Must successfully complete all required background investigations and badging requirements.
• Certification Requirements:
  • One or more of the following industry certifications are strongly preferred:
    • CISSP – Certified Information Systems Security Professional
    • CISM – Certified Information Security Manager
    • CCSP – Certified Cloud Security Professional
    • GIAC certifications
    • CEH – Certified Ethical Hacker
    • Security+
    • Azure Security Engineer Associate
    • Certified Information Systems Auditor (CISA)
• Strong understanding of Federal cybersecurity regulations, frameworks, and standards.
• Advanced knowledge of NIST SP 800-series publications and cybersecurity best practices.
• Strong understanding of cloud security architecture and hybrid cloud environments.
• Experience conducting technical analysis, security testing, and risk assessments.
• Ability to develop and review complex cybersecurity documentation.
• Strong written and verbal communication skills.
• Ability to brief executive leadership and technical stakeholders.
• Ability to work independently and collaboratively in high-visibility Federal environments.
• Strong analytical, organizational, and problem-solving skills.
• Support may require participation in after-hours maintenance, incident response, and on-call activities.
• The Cyber Security SME will support government initiatives involving:
  • Enterprise cybersecurity operations
  • Cloud engineering and modernization
  • Microsoft GCC-High and Azure Government environments
  • Security monitoring and incident response
  • Zero Trust implementation
  • Continuous diagnostics and mitigation
  • Compliance and governance activities
  • IT infrastructure modernization
  • Federal cybersecurity reporting and assessment activities