Job Requirements
Dayton
Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Job Description
The Cyber Security Subject Matter Expert (SME) supports the full lifecycle of cybersecurity risk management activities for DoD information systems. This role applies expert-level knowledge of the Risk Management Framework (RMF) to ensure systems remain secure, compliant, and authorized to operate. The position collaborates across technical, compliance, and program teams to identify vulnerabilities, support audits, and drive remediation efforts that protect mission-critical systems.
About Us
Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that provides government agencies and commercial organizations with high-quality IT, professional, environmental, and research and development services. DDC is dedicated to empowering the Navajo Nation and communities we serve.
Benefits
Eligible full-time employees receive a comprehensive benefits package, including medical, dental, vision, life and disability coverage, retirement savings with company match, paid time off, voluntary supplemental benefits, and access to an employee assistance program. The package also includes educational assistance, with tuition reimbursement.
EEO Statement
This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.
Responsibilities
- Apply expert-level knowledge of the Risk Management Framework (RMF), including NIST SP 800-53 Revisions 4 and 5, to support security authorization processes and prepare comprehensive ATO submission packages.
- Coordinate with DISA, System Integrators, the Program Office, and Database Administrators to identify, analyze, and remediate system vulnerabilities.
- Perform continuous monitoring of security controls in alignment with the RMF strategy, ensuring ongoing compliance and risk awareness.
- Collaborate with Security Control Assessor (SCA) and Security Control Assessment Representative (SCAR) teams to plan and execute security testing for system releases and authorization activities.
- Support vulnerability management efforts, including implementation and tracking of STIGs, ACAS scans, Fortify static code analysis, and SIEM-based alerting and monitoring.
- Review and analyze system logs and alerts generated by the SIEM to detect potential threats and assess system health.
- Assess newly identified vulnerabilities, initiate appropriate tickets, and manage resolution through Configuration Management and cyber release processes.
- Work closely with the Compliance Team to support annual FIAR audit activities (e.g., SOC 1, SOC 2), tracking audit findings through POA&Ms to resolution.
- Participate in annual cybersecurity evaluations and red/blue team assessments, providing analysis and remediation planning for network, application, and database architecture findings.
- Contribute to AGILE Release Management Integrated Product Teams (IPTs), ensuring cybersecurity requirements are incorporated throughout development and change processes.
- Develop, review, and maintain cybersecurity policies, program documentation, and PMO guidance to support governance and compliance objectives.
- Lead remediation efforts for vulnerabilities documented in POA&Ms or planned cyber releases, with emphasis on resolving high-risk findings within defined timelines.
- Provide program leadership with regular updates on open POA&M items, including monthly status reporting or as requested.
- Support annual FISMA assessments, incident response activities, and contingency plan testing to maintain security posture and operational readiness.
- Maintain working knowledge of applicable cybersecurity standards, policies, and regulations from NIST, DoD, and other federal entities.
- Perform other related duties as assigned.
Qualifications
- Bachelor's degree and a minimum of eight (8) years of relevant cybersecurity experience.
- Must possess one of the following certifications: CySA+, CAP, CASP+CE, CISM, CISSP, GSLC, CCISO, or HCISPP.
- Active Secret Security Clearance is required.
Preferred
- Risk Management Framework (RMF) experience supporting DoD or federal systems.
We are DDC!