Senior Cybersecurity SME - ZTI Solutions, LLC
Arlington, VA 22202
About the Job
The ZTI Cybersecurity Subject Matter Expert (SME) will be responsible for developing and implementing robust security strategies, policies, and procedures to safeguard critical assets and mitigate cybersecurity risks. The Cybersecurity SME possesses a strong background in cybersecurity, exceptional leadership abilities, and a deep understanding of the unique challenges and requirements of working in the current DoD environment.
ZTI Cybersecurity SME shall perform the following Cybersecurity tasks:
ZTI Cybersecurity SME shall perform the following Cybersecurity tasks:
- Coordinate Cybersecurity activities.
- Provide Cybersecurity infrastructure engineering support.
- Provide Configuration Management (CM) Cybersecurity support.
- Recommend necessary Cybersecurity hardware and software.
- Provide a monthly status report with any schedule updates.
MULTI-DISCIPLINE SECURITY SUPPORT:
SME shall ensure strict adherence to the provisions of the DOD Security Manual’s, ICD/DCID, ICD, and SAP policy. SME shall assist in developing and executing approved policies and procedures for safeguarding SAP, SCI and collateral data in support of DOD operations. SME shall also provide day-to-day security support that includes continuous assessment of procedures to identify shortfalls and provide appropriate recommendations for revising and improving security policies, procedures, and systems. SME shall identify vulnerabilities, threats, and risks to test, training, and operational activities.
SME shall also assist in developing, implementing, and training the Operations Security program, and will assist in providing contractor and subordinate facility assistance and oversight. SME shall brief all levels of personnel, both in the government and senior civilian services, on a variety of security related topics. SME shall conduct and document SAP facility compliance reviews, follow-on facility reviews, and facility close-outs. SME shall monitor, report and track all corrective actions resulting from compliance reviews. SME shall ensure timely notification of pertinent security matters to program technical and management staff. SME shall also conduct exploration of any loss, compromise, or suspected compromise of classified and/or sensitive information, including conducting preliminary inquiries and generating damage assessments resulting from the loss of classified information. SME shall coordinate with SAP security personnel to ensure lessons learned are incorporated into the curriculum for the SAP security education & awareness program, and provide leadership, mentoring, and oversight of team members.
ENGINEERING SUPPORT:
Task order requirements include providing timely expertise in a variety of engineering topics. These topics include, but are not limited to, having knowledge in the following: major weapon system acquisition processes and timelines; anti-tamper (AT) techniques and procedures; micro-electronics (ME) design and chip manufacturing processes; supply-chain risk management issues and mitigation techniques; and cyber-related issues (e.g., cyber security, cyber agility, etc.). Additionally, SME shall be able to perform basic project planning and management functions (e.g., producing monthly status reports (MSRs) and financial management reports), and documenting meeting minutes and related technical analyses (e.g., feasibility analyses, technical assessments). The timeliness may be as little as 1-2 days’ notice for attending a local (NCR) meeting, or a 1-2 weeks’ notice for attending a meeting requiring airline travel. For planning purposes, cross-country airline travel shall be estimated at 4 person trips per year, with video-teleconferencing (VTC) being the preferred choice.
Task order requirements include providing timely expertise in a variety of engineering topics. These topics include, but are not limited to, having knowledge in the following: major weapon system acquisition processes and timelines; anti-tamper (AT) techniques and procedures; micro-electronics (ME) design and chip manufacturing processes; supply-chain risk management issues and mitigation techniques; and cyber-related issues (e.g., cyber security, cyber agility, etc.). Additionally, SME shall be able to perform basic project planning and management functions (e.g., producing monthly status reports (MSRs) and financial management reports), and documenting meeting minutes and related technical analyses (e.g., feasibility analyses, technical assessments). The timeliness may be as little as 1-2 days’ notice for attending a local (NCR) meeting, or a 1-2 weeks’ notice for attending a meeting requiring airline travel. For planning purposes, cross-country airline travel shall be estimated at 4 person trips per year, with video-teleconferencing (VTC) being the preferred choice.
SME shall have a continuing obligation to inform the customer of known risks associated with the execution of this task. SME shall perform but is not limited to supporting the customer infrastructure including, and all organizations supported by, the Office of Secretary of Defense.
The SME, in their role as a technical direction agent, will employ disciplined system engineering and scientifically based approaches. SME shall continuously determine, assess, and document risks to accomplish the tasks of this effort.
Risks will be identified, monitored, and mitigated, as appropriate, based on the criticality of their consequences and probability of occurrence. Risks and risk mitigation plans shall be reviewed, as needed.
SME shall provide technical advice, primarily in the form of technical analyses, system engineering products, or other relevant technical products. This shall include participating in working groups and Technical Interchange Meetings (TIMs), at the Government’s request. This technical advice includes, but is not limited to, feedback and recommendations to further develop key customer products and capabilities.
INFORMATION ASSURANCE (IA), CYBER, AND IT INFRASTRUCTURE SUPPORT:
Provide Secure Infrastructure: SME shall provide the appropriate Information Technology (IT) and Information Assurance (IA) services to assist in the operation and maintenance of a government sponsored SCIF and SAP laboratory facility for the verification and validation of next-generation materials and system components. This support shall include continued IT infrastructure services and IA support to ensure compliance with DCID 6/9. SME shall support requirements gathering and laboratory planning for additions and modifications to the laboratory facility and network systems. This support shall include documenting justifications and security operations for the facility. SME shall coordinate support for multi-level security network workstations and connectivity to support the computer needs of the organization. The status of the infrastructure shall be documented in the Monthly Status Report.
Provide Secure Infrastructure: SME shall provide the appropriate Information Technology (IT) and Information Assurance (IA) services to assist in the operation and maintenance of a government sponsored SCIF and SAP laboratory facility for the verification and validation of next-generation materials and system components. This support shall include continued IT infrastructure services and IA support to ensure compliance with DCID 6/9. SME shall support requirements gathering and laboratory planning for additions and modifications to the laboratory facility and network systems. This support shall include documenting justifications and security operations for the facility. SME shall coordinate support for multi-level security network workstations and connectivity to support the computer needs of the organization. The status of the infrastructure shall be documented in the Monthly Status Report.
Provide Updated Documentation: SME shall provide IT and IA security office support. SME shall support security operations, including development and implementation of security SOPs and safeguards to protect the personnel and data contained in the laboratory facility. Changes to security SOPs, and IA/Cybersecurity plan in support of program/project execution shall be documented in monthly technical status reports. SME shall assist in any updates to SOPs and IA plans. It is expected that the plans will be reviewed and updated as needed on a quarterly basis. Updates shall be documented in the Monthly Status Report.
Requirements:
Requirements:
- Active Top-Secret Clearance with SCI Eligibility.
- Bachelor’s Degree or higher in an Information Technology Field.
- 10+ years of experience.
- IAM Level II Certification. (e.g. CAP, GSLC, CISM, CISSP, CASP).
Benefits:
- Four Weeks of Paid Time Off.
- All Federal Holiday Paid Vacation.
- Four Percent Matching 401K.
- Full health/vision/dental benefits for the employee and family paid 100% by ZTI Solutions, LLC.
About ZTI Solutions, LLC:
ZTI Solutions, LLC was founded in 1997 in Virginia and is classified as a small business. The company is owned and operated by its founder, Rudy Zadnik, who emphasizes moral and business excellence over increasing company profits. This results in a more customer-oriented attitude towards mission accomplishment, as opposed to growing profits or sales.Our approach to consulting and engineering centers around using only highly skilled personnel who are seasoned industry veterans. All employees hold high-level industry and vendor certifications. We offer a comprehensive set of consulting and staff augmentation services, primarily focused on networking and security consulting in the classified space.
Source : ZTI Solutions, LLC