Cybersecurity SME (Top Secret)

• The Cybersecurity Subject Matter Expert (SME) serves as an Information System Security Manager (ISSM) and acts as technical advisors to Authorizing Officials (AOs) 
• Primary responsible for maintaining the overall security posture of the systems within their organization, and are accountable for the implementation of Department of Defense (DoD) 8510.01. 
• Responsibilities include, but are not limited to: 
  • DoD 8570 compliant IAM Level III certification, such as the GIAC (Global Information Assurance Certification) Security Leadership Certification (GSLC), Certified Information Security Manager (CISM) and/or Certified Information Systems Security Professional (CISSP) is required. 
  • Support implementation of the Risk Management Framework (RMF). 
  • Perform the ISSM duties as outlined in Department of Defense Instruction (DoDI) 8510.01 and DoDI 8500.01 for assigned systems/applications. 
  • Develop and maintain a formal Information Systems (ISs) security program and policies for their assigned area of responsibility. 
  • Supporting the system/application authorization and accreditation (A&A) effort, to include assessing and guiding the quality and completeness of A&A activities, tasks, and resulting artifacts mandated by governing DoD and Air Force policies (i.e., RMF). 
  • Ensure proper measures are taken when an IS incident or vulnerability is discovered. 
  • Maintain and report IS and Platform Information Technology (PIT) systems assessment and authorization status and issues in accordance with DoD Component guidance. 
  • Provide direction to the ISSO in accordance with DoDI 8500.01. 
  • Ensure that ISSOs are appointed in writing and provide oversight to ensure they are following established cybersecurity policies and procedures. 
  • Coordinate with the organization's security manager to ensure issues affecting the organization's overall security are addressed appropriately. 
  • Ensure that Information Owners (IOs) and stewards associated with DoD information received, processed, stored, displayed, or transmitted on each DoD IS and PIT system are identified in order to establish accountability, access approvals, and special handling requirements. 
  • Maintain a repository for all organizational or system-level cybersecurity-related documentation. 
  • Monitor compliance with cybersecurity policy, as appropriate, and review the results of such monitoring. 
  • Ensure that cybersecurity inspections, tests, and reviews are synchronized and coordinated with affected parties and organizations. 
  • Ensure implementation of IS security measures and procedures including reporting incidents to the AO and appropriate reporting chains, and coordinating system-level responses to unauthorized disclosures in accordance with DoD Manual 5200.01, Volume 3 for classified information or DoD Manual 5200.01, Volume 4 for Controlled Unclassified Information (CUI), respectively 
  • Ensure handling of possible or actual data spills of classified information resident in ISs, are conducted in accordance with DoD 5200.01, Volume 3. 
  • Act as the primary cybersecurity technical advisor to the AO for DoD IS and PIT systems under their purview. 
  • Ensure that cybersecurity-related events or configuration changes that may impact DoD IS and PIT systems authorization or security posture are formally reported to the AO and other affected parties, such as IOs and stewards and AOs of interconnected DoD ISs. 
  • Ensure the secure configuration and approval of IT below the system level (i.e., products and IT services) in accordance with applicable guidance prior to acceptance into or connection to a DoD IS or PIT system. 
  • Ensure that ISSOs author, monitor, and record system information in applicable databases.  Prepare and record system, security status, and portfolio management information into the Enterprise Information Technology Data Repository (EITDR) for Federal Information Security Management Act (FISMA); Security, Interoperability, Supportability, Sustainability, Usability (SISSU); Clinger Cohen Act; and other statutory compliance. 
  • Author, review, certify, and/or maintain information awareness (IA) and security management plans to include RMF Implementation Plans, System Security Management Plans, Information Support Plans, Program Protection Plans (PPPs), Security Risk Analyses, Security Vulnerability and Countermeasure Analyses, Security Concepts of Operations, Operational Security (OPSEC) Plans, and other system/network security related documents. 
  • Perform ISSM/ISSO duties as outlined in DoDI 8510.01 for assigned systems/applications.  
  • Other duties as assigned 

Education/Experience Requirements:

• 15 years of general work experience, 10 years of which must be in cybersecurity. 
• Master’s degree in Science or Engineering 
• Active Top Secret Clearance  
• Applicable DoD 8570.01 compliant certification 
• Risk Management Framework (RMF)

About Aegis Aerospace

We are a woman-owned space and technology company headquartered in Houston, TX.  Our primary objective is to support the Department of Defense and NASA in achieving their missions to defend the security of our country, reach new heights and to discover the unknown. We employ some of the brightest, most experienced engineering and technology experts in the U.S.

To learn more about Aegis Aerospace, visit our website at www.aegisaero.com.