Cybersecurity-SME (Expert) #2067

Compass Inc

Posted today
Top Secret/SCI
Unspecified
Unspecified
IT - Security
Springfield, VA (On-Site/Office)

Description

Compass is looking for a motivated individual to provide operational services primarily to the Intelligence Community (IC), the Department of War (DoW), and Federal communities. Our goal is to hire talented and passionate team members who desire to grow their skillsets, as well as the reputation of the company with our partners, clients, and stakeholders. We are looking for an individual to join an innovative team supporting mission critical/mission essential activities.

Position: Cybersecurity-SME Expert #2067
Location: Springfield, VA
Clearance Required: Active Top Secret/SCI


Position Description

The Subject Matter Expert (SME) provides extremely high-level subject matter expertise for work in support of IC and DoD Cybersecurity requirements, specifications, certifications, and regulations to include but not limited to facets such as Zero-Trust (ZT), Identity, Credential, and Access Management (ICAM), Privileged Access Management (PAM), and Public-Key Infrastructure (PKI). The SME provides advanced technical knowledge and analysis of highly specialized applications and operational environments, high-level functional systems analysis, design, integration, documentation, training, and implementation advice on complex, sometimes esoteric problems which require detailed, in-depth knowledge of the subject matter for effective oversight. The SME understands the multiple facets of cybersecurity requirements and applies sound principles, methods, and techniques to provide recommendations that ensure optimal security and performance. The SME designs and prepares technical reports, studies, and related documentation, makes charts and graphs to record metrics and analytics, prepares and delivers presentations, training, and briefings as required by the Enterprise Cybersecurity Division.

Key Duties

  • Assess the current architecture of existing NGA Program/Activities and design the appropriate cloud architecture for those activities. Once the appropriate architecture has been established, work with government and contractor personnel supporting the migrating activity to transition them into the appropriate cloud environment.
  • Facilitate Agency implementation of multiple facets of the seven ZT pillars such as the Identity, Credential and Access Management (ICAM) Zero Trust Architecture (ZTA) Cloud Modernization by developing multi-cloud ICAM strategies and architectures and recommending NGA portfolio and program technical acquisition strategies that align with IC/DoD Identity and Access Management (IdAM) policies and directives.
  • Analyze IdAM capabilities to develop recommendations for senior level decision makers on NGA's IdAM multi-cloud/ZTA capabilities and those of other IC and DoD partners.
  • Develop recommended courses of action for NGA senior leadership with options for IC Information Technology Enterprise (ITE) Identification Authentication Authorization (IAA) and Department of War (DoW) adoption and transition of Agency Enterprise services when applicable.
  • Collaborate across agencies (inter-agency) and across NGA (intra-agency) to analyze cybersecurity vulnerabilities to develop recommendations for senior leadership on matters of cybersecurity inter-dependencies, requirements, risks, threats, and prioritized courses of action.
  • Track requirements and devise processes in support of Privileged Access Management (PAM) to verify proper elevated users are monitored for anomalies across multi-cloud environments, and research strong multifactor authentication technologies for multi-cloud environments. Identify, prioritize, and resource-plan a phased approach for a zero-trust architecture to verify that both Non-Person Entities (NPEs) and Person-Entities (PEs) have a verified identity (Authentication, AuthN), reducing the threat of cyber-attacks.
  • Evaluate test plans, observe tests, and monitor test results for functional requirements developed for cybersecurity and ZT capability integration associated with migration activities to demonstrate to the NGA Program Management Office (PMO) that the migrated activity performs all intended cybersecurity functions, introduces low risk, and requires minimal resources for adoption.
  • Analyze migration activities to develop a description of the migrated activity including the hardware, software, cloud resources, interfaces, data, and security architecture.
  • Perform security testing IAW the NGA cloud security guidance and processes, analyze the testing, and assist with development of documentation demonstrating that the migrated activity complies with all security requirements.

Required Mandatory Qualifications

  • At least 12 years of demonstrated expertise in managing cybersecurity practices in an IC or DoW Agency with an understanding of the government's approach for the Zero Trust framework and Identity, Credential and Access Management (ICAM).
  • Familiarity at the Subject Matter Expert level with program technical acquisition strategies that align with IC/DoD Cybersecurity and ZTA pillars, policies, and directives.
  • Understanding of information and application security concepts, mechanisms, practices, and tools.
  • Ability to translate business requirements into cloud solutions.
  • Relies on extensive experience and judgment to plan and accomplish goals and independently perform a wide variety of complicated tasks.
  • Excellent oral communication, persuasion, and relationship skills; strong problem identification and problem-solving skills.
  • Strong writing skills that lead to clear, concise, and unambiguous technical and non-technical documentation.
  • Microsoft Office skills
  • May provide consultation on complex projects and is a top-level contributor/specialist.
  • May lead and direct the work of others.
  • May report to an executive or director.

Education

  • BA/BS or higher degree, or related experience in a business, STEM or IT field.

Desired Experience

  • Certification(s) in Secure +, Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Project Management Professional (PMP), Scaled Agile Framework (SAFe), Information Technology Infrastructure Library (ITIL) certification.
  • Extensive understanding of cybersecurity vulnerabilities and emerging technologies in end-user computing, collaboration tools, and AI/ML.
  • Knowledge of Artificial Intelligence and Machine Learning (AI/ML) modeling for risk analysis.
  • Familiarity with Identity Threat Detection and Response (ITDR) and User and Entity Behavior Analytics (UEBA).
  • In-depth knowledge of Enterprise Cybersecurity principles such as privileged users, Public Key Infrastructure and Post-Quantum Cryptography (PQC).
  • Familiarity with IC and DoW ICAM Cybersecurity concepts, systems and services, such as attribute and policy federation, multi-factor authentication, Denied, Degraded, Intermittent, and Limited (DDIL) solutions, and multi-domain requirements.
  • Experience supporting intra- and inter-agency senior leadership and working groups.
  • Familiarity with risk and schedule management and mitigation.


Compass, Inc. (Compass) is a Small Business (SB) headquartered in Winchester, VA as a Defense and Intelligence solutions provider to the United States Government. We provide Systems Engineering and Technical Assistance (SETA), Advisory and Assistance Services (A&AS), and Systems Engineering and Integration (SE&I) to our government and business partner customers. As a premier Defense and Intelligence solution provider, we employ a diverse, agile, highly trained and extremely talented staff.

Equal Opportunity Employer Veterans/Disabled