Cybersecurity Subject Matter Expert (Cyber SME)

Bethesda, MD
Full Time
Experienced

Our client is seeking Cybersecurity Subject Matter Expert (SME) to provide technical leadership supporting NIH's enterprise Information Security Program. This position serves as the senior cybersecurity advisor responsible for governance, risk management, security engineering, vulnerability management, Zero Trust, incident response, RMF, and enterprise security strategy across NIH's hybrid environment.

Responsibilities

  • Provide senior technical leadership for NIH's Information Security Program.
  • Advise Government leadership on cybersecurity strategy, risk, and compliance.
  • Lead implementation of NIST RMF and FISMA requirements.
  • Support Assessment & Authorization (A&A), SSPs, POA&Ms, and security documentation.
  • Guide Zero Trust Architecture initiatives and enterprise modernization efforts.
  • Lead vulnerability management, penetration testing, and remediation strategies.
  • Support enterprise Continuous Diagnostics & Mitigation (CDM) activities.
  • Provide technical oversight for incident response, digital forensics, and threat mitigation.
  • Evaluate enterprise security architecture supporting cloud, on-premises, and hybrid environments.
  • Develop cybersecurity policies, standards, procedures, and best practices.
  • Support audits, inspections, FISMA reporting, and compliance assessments.
  • Mentor cybersecurity engineers, ISSOs, and technical teams.

Required Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, Information Assurance, or related discipline (experience may substitute).
  • 12+ years of progressive cybersecurity experience.
  • Extensive knowledge of:
    • NIST SP 800-53
    • NIST RMF
    • FISMA
    • FedRAMP
    • Zero Trust
    • CDM
    • Vulnerability Management
    • Incident Response
    • Security Architecture
    • Enterprise Risk Management
  • Experience supporting Federal cybersecurity programs.
  • Experience briefing senior executives and technical stakeholders.
  • Strong understanding of cloud security and hybrid enterprise environments.

Preferred Certifications

  • CISSP (strongly preferred)
  • CGRC (formerly CAP)
  • CISM
  • CCSP
  • Security+
  • CEH
  • GCIH
  • PMP (preferred but not required)

Preferred Experience

  • NIH or HHS cybersecurity experience.
  • Microsoft Defender, Sentinel, Splunk, Tenable, ServiceNow, Azure Security Center.
  • Security engineering and enterprise architecture.
  • ISSO, ISSM, or CISO support experience.
Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*