Job Title: Cybersecurity Subject Matter Expert (SME)
Location: Fort Belvoir, VA / Washington DC/ Hybrid
Summary:
The program is modernizing financial management by replacing legacy systems with a unified ERP and advanced cloud-based analytics platform. It provides Oracle Analytics Cloud (OAC) support for the DAI program and Oracle E-Business Suite (EBS 12.2.x), replacing the current Oracle Analytics Server (OAS) to improve reporting, user experience, governance, security, and overall operational efficiency through enhanced data-driven decision-making.
Responsibilities:
Provides expert support, research and analysis of exceptionally complex problems, and processes relating to them. Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation, and alternatives to complex problems. Thinks independently and demonstrates exceptional written and oral communications skills. Applies advanced technical principles, theories, and concepts. Contributes to the development of new principles, concepts, and methodologies. Works on unusually complex technical problems and provides highly innovative and ingenious solutions. Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria to include the development of product specific STIGs from applicable DISA SRGs. Works under consultative direction toward predetermined long-range goals and objectives. Assignments are often self-initiated. Determines and pursues courses of action necessary to obtain desired results. Develops advanced technological ideas and guides their development into a final product.
Requirements:
- Proven proficiency performing CCRI/ vulnerability assessment/ penetration testing on networks, databases, computer applications and IT frameworks.
- Seven (7) years IT experience
- Five (5) years Cybersecurity experience
- Strong analytical and problem-solving skills for resolving security issues.
- Strong skills implementing and configuring networks and networks components.
- Command Cyber Readiness Inspection certification in at least one of the following areas: Retina scan analysis, Operating Systems (Windows, Unix), Boundary defense (network policy, router, firewall), Internal defense (L2 switch, L3 switch), DNS (policy, BIND/Windows), HBSS (remote console, AV, ABM, PA, HIPS, ePO), Traditional security (Common, Basic, NCV, SCV), Wireless communications (BES, handhelds)
- Knowledge and understanding of DOD security regulations, DISA STIGs
- Strong knowledge of SCAP
- Strong knowledge of RMF
- Expert experience in cybersecurity and evaluations
- Excellent knowledge of and proficiency with: VULNERATOR, USCYBERCOM CTO Compliance Program, Wireless vulnerability assessment, Web Services (IIS, Apache, Proxy), Database (SQL Server, Oracle), Email Services (Exchange), Vulnerability Scans (NESSUS, SCCM), Knowledge of Phishing exercises, USB Detect, Physical Security
- Relevant certification from a nationally recognized technical authority.
- DISA FSO certified CCRI Team Lead and certification in penetration testing, such as: Licensed Penetration Tester (LPT), Certified Expert Penetration Tester (CEPT), Certified Ethical Hacker (CEH), Global Information Assurance Certification Penetration Tester (GPEN) Tenable Certified NESSUS Auditor
- Required to possess a DOD SECRET Clearance and be eligible for an IT-II Non-Critical Sensitive security clearance or Tier 3 (T3) upon assignment.
- DoD 8570.01-M Certification: DFARS 252.239-7001 Information Assurance Contractor Training and Certification is required for this position.
- IA Technical (IAT)/IA Management (IAM) Level: IAT Level II (Reference: DoD Approved 8570 Baseline Certifications)
- IA Baseline Certification: DOD 8570 Approved Baseline Certifications
- CE/OS Certificate: DLA Approved CS CE List_v30. Certification must be applicable to the Oracle based DAI Application Environment
- Relevant certification from a nationally recognized technical authority.