Cybersecurity Subject Matter Expert (SME)

At The One 23 Group, our mission is to set the benchmark for excellence in government services. We empower our clients in the Department of Defense, Intelligence Community, and Federal Civilian sectors to excel with our advanced capabilities. Our dedication lies in fostering a people-first culture, underpinned by steadfast ethical principles. Embracing innovative technologies and process improvements, we are steadfast in our journey toward a future that is both bright and transformative.

Our expertise spans consulting and analytics, digital workplace solutions, and cyber compliance. With our global footprint, we place a strong emphasis on nurturing our people and culture, which forms the core of our successful strategies in leadership and financial management. We pride ourselves on our extensive experience and effective approach, ensuring that we lead with both innovation and integrity.

The One 23 Group, a Virginia-based Government Contractor, seeks a TOP SECRET/SCI Cleared Cybersecurity Subject Matter Expert (SME) local to Washington DC Metropolitan area. 

Responsibilities: We are seeking a Cybersecurity Subject Matter Expert (SME) who will provide expert guidance and technical consultation to senior leaders, stakeholders, and cybersecurity teams in addressing and resolving cybersecurity incidents. This position ensures that systems and data maintain appropriate levels of confidentiality, security, and integrity while offering technical expertise across various cybersecurity functions, including risk management, policy development, auditing, and compliance with the National Institute of Standards and Technology (NIST) Risk Management Framework (RMF). The Cybersecurity SME leads cybersecurity engineering efforts, manages teams, and oversees continuous monitoring to ensure that cybersecurity controls are implemented and operating effectively.

Key Responsibilities:

• Incident Response & Resolution: Provide expert advice to senior leaders and stakeholders on cybersecurity incidents, including impact analysis, eradication strategies, and plans to restore networks to a more secure state.
• Cybersecurity Leadership: Lead and manage a cybersecurity team in operations and maintenance environments, ensuring adherence to cybersecurity best practices and security engineering principles.
• Systems Security: Ensure all systems and data repositories maintain appropriate levels of confidentiality, security, and integrity, while advising system owners on security matters related to IT systems.
• Risk Management & Compliance: Provide guidance on cybersecurity engineering program policies, processes, and planning. Conduct risk management, auditing, and assessments, particularly related to Assessment and Authorization (A&A) using NIST RMF guidelines.
• Vulnerability Management & Intrusion Detection: Utilize industry best practices for vulnerability management and intrusion detection, ensuring systems are protected against evolving cybersecurity threats.
• Operational Procedures & Collaboration: Assist in developing and maintaining Operational Level Agreements (OLAs) and Standard Operating Procedures (SOPs) to support process interaction with Government and contractor IT groups.
• Continuous Monitoring: Perform continuous monitoring of security controls to ensure correct implementation, operation, and outcomes related to cybersecurity requirements for IT systems.
• System Security Plans (SSP): Develop, update, and maintain the System Security Plan (SSP) for assigned IT systems, ensuring it meets all cybersecurity requirements and standards.
• Security Control Deficiencies: Collaborate with technical teams to mitigate security control deficiencies and assess the cybersecurity impact of changes to assigned IT systems. 

Qualifications:

• Education: Master’s degree in a related discipline or equivalent experience in a business-related or relevant technical field. 
• Experience: 
  • Minimum of six (6) years of demonstrated cybersecurity engineering experience.
  • At least three (3) years of experience with the NIST Risk Management Framework (RMF).

· Certifications: Must possess one of the following certifications:

• DoD 8570.01-M IAT Level III certification such as:
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• GSLC (GIAC Security Leadership Certification)
• ITIL v3 Foundation Certification

Clearance: 

· Must possess an active DoD TOP SECRET/SCI clearance.