Cyber SME Lead

We are seeking an Cyber SME Lead who provides expert support, research, and analysis of exceptionally complex problems and processes relating to cybersecurity. Serves as a technical expert to the Cybersecurity Assessment Program, providing technical direction, interpretation, and alternatives to complex problems. Applies advanced technical principles, theories, and concepts, and contributes to the development of new principles, concepts, and methodologies. Works on unusually complex technical problems and provides highly innovative and ingenious solutions.

*This position is contingent upon contract award.*

Responsibilities

• Serves as technical expert to the Cybersecurity Assessment Program providing technical direction, interpretation, and alternatives to complex problems
• Oversees end-to-end POA&M lifecycle management, ensuring accurate documentation, status tracking, and closure of all remediation actions
• Thinks independently and demonstrates exceptional written and oral communication skills
• Applies advanced technical principles, theories, and concepts
• Contributes to the development of new principles, concepts, and methodologies
• Works on unusually complex technical problems and provides highly innovative and ingenious solutions
• Recommends cybersecurity software tools and assists in the development of software tool requirements and selection criteria, including the development of product-specific STIGs from applicable DISA SRGs
• Works under consultative direction toward predetermined long-range goals and objectives; assignments are often self-initiated
• Determines and pursues courses of action necessary to obtain desired results
• Develops advanced technological ideas and guides their development into a final product
• Demonstrated expertise in leading and mentoring teams, providing clear guidance, quality oversight, and technical direction to ensure all cybersecurity artifacts meet DoD standards, organizational expectations, and inspection-ready quality levels
• Proven real-world, hands-on experience preparing enterprise environments for DoD cybersecurity inspections (CCRI, CORA, Blue Team assessments)
• SME-level experience in assessing security controls and conducting authorization reviews for large, complex organizations
• SME-level understanding of DoD cybersecurity requirements, including documenting and developing artifacts for STIGs, TCG configuration guides, IAVMs, and Task Orders
• Exceptional ability to develop, maintain, and validate RMF artifacts and cybersecurity documentation
• Expert ability to interpret new and evolving DoD cybersecurity documentation, templates, and compliance requirements to develop high-quality cybersecurity artifacts, even when guidance is incomplete, ambiguous, or inconsistently applied
• Skilled in analyzing and interpreting cybersecurity guidance from the ISSM/ISSO to produce authoritative system documents such as the SSP, CONOPS, Incident Response Plan, Contingency Plan, Configuration Management Plan, and other required artifacts
• Proven ability to work independently and collaboratively with minimal oversight
• Strong research, analytical, and problem-solving skills
• Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platform
• Ability to generate clear, accurate, and audit-ready cybersecurity reports, including vulnerability summaries, compliance status updates, and risk findings for technical and leadership audiences
• Ability to generate detailed analytics and trend reports using data from vulnerability scanners, configuration tools, and security platforms to support decision-making and inspection readiness
• Excellent written and verbal communication skills, including the ability to brief leadership and produce clear documentation
• Experienced in the general tenets supporting the overall DoD implementation of its authorization process, including supporting cybersecurity policy, procedures, and processes
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud, information technology (IT), Industrial Control Systems (ICS), or Operational Technology (OT) infrastructures
• Strong analytical and problem-solving skills for resolving security issues
• Expert experience in cybersecurity assessments and evaluations
• Performs other related duties as assigned

Qualifications

• Years of Experience: 10
• Education Level: N/A
• Clearance Requirements: Must possess an active DoD Secret clearance and IT-II Non-Critical Sensitive / Tier 3 (T3) access
• Certification Requirements:
  • Required training certifications in ACAS and Tanium
  • Computing Environment: DLA-approved Computing Environment (D Account Access)
  • Current Requirement: DoD 8570 IAT Level III

About Us

Diné Development Corporation (DDC) is a Navajo Nation owned family of companies that provides government agencies and commercial organizations with high-quality IT, professional, environmental, and research and development services. DDC is dedicated to empowering the Navajo Nation and communities we serve.

Benefits

Eligible full-time employees receive a comprehensive benefits package, including medical, dental, vision, life and disability coverage, retirement savings with company match, paid time off, voluntary supplemental benefits, and access to an employee assistance program. The package also includes educational assistance, with tuition reimbursement.

EEO Statement

This contractor and subcontractor shall abide by the requirements of 41 CFR 60-1.4(a), 60-300.5(a) and 60-741.5(a). These regulations prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities, and prohibit discrimination against all individuals based on their race, color, religion, sex, sexual orientation, gender identity, national origin, or for inquiring about, discussing, or disclosing information about compensation, or any other basis prohibited by law. We participate in E-Verify.