Cybersecurity Advisor

The Office of Small Business Programs (OSBP) is responsible for the development of small business policy, oversight of DoD's small business performance for prime and subcontracting goals, administration of small business programs, industry engagement, ensuring cyber resiliency of the small business industrial base and utilization of technology and big data principles to drive market research and small business inclusion in defense procurements.

The Cybersecurity Advisor will play a key role in this project by developing, synthesizing, reviewing, and reporting on all manner of industrial cybersecurity. Qualified candidates should have a command understanding of vulnerability analysis, incident reporting, standards, policy, and training content delivery. The Cybersecurity Advisor may also conduct classroom instruction in the theory & operations and validation of cyber training to small and medium size business operators. The Advisor will work as part of a team to develop and refine cyber courseware.

Advise small and medium-sized businesses on set up and maintenance of cybersecurity-related systems and processes - business risk, challenges, and compliance options, and building or recommending solutions for small and medium-sized businesses.

Work with Cloud Architects, DevSecOps, and other development team members to review cloud architecture to identify and implement improvements of security services.

Provide security expertise to the team on topics ranging from security architecture, hardening, monitoring, incident detection and response as well as general security improvements.

Act as a subject matter expert on cloud and physical security to implement controls for NIST frameworks 800-53, 800-171, 800-190 as well as CMMC, PCI and HIPAA.

Provide guidance on implementing continuous monitoring in AWS cloud environments.

Provide guidance for automation of implementation of the solutions provided from the candidate and others in the security team in areas such as vulnerability management, logging and monitoring, incident response and endpoint security.

Perform regular additional security related tasks as assigned.

Contribute to the review of cybersecurity products.

Perform tasks related to securing and keeping the products, tools, and processes that you are responsible for securing.

Contribute to/and or write SSPs and PO&AMs.

Effectively mentor and teach cybersecurity and non-technical team members

Assist in the identification, tracking and remediation of security risks discovered on information systems

Prepare and deliver detailed written reports and oral presentations to senior leaders or staff within the organization

Explain requirements to systems administrators in detail to ensure proper understanding and clarity

Provide cyber security instruction delivered through both live and virtual classes. Travel may be required.

Assist in the development of curriculum content that implemented through interactive learning, utilizing technology.

Possess the ability to serve as primary or assistant instructor and/or demonstrator for cybersecurity training topics.

Possess the ability to conduct on-site field training of operations personnel on newly developed/implemented system procedures.

Create customized training plans based on current systems, new system upgrades, and mission- specific requirements.

Required Qualifications

Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Information Security, Cloud Computing, or related field.

Active certifications: CASP, CISM, or CISA

6+ years of Information Assurance or Cybersecurity related experience.

Expert level experience with obtaining Authorization to Operate(ATOs).

Possess exceptional verbal communication and interpersonal

Strong writing skills, with emphasis on technical writing and

Ability to travel up to 10% (Pandemic-related schedule flexibility available).

Preferred Qualifications

Master's degree in Cybersecurity or related field.

CISSP

GSLC

AWS Certified Security Specialty certification

AWS Certified Solutions Architect certification

Experience with Tripwire, Nessus, WAF, and IDS/IPS tools.

Familiarity with automation tools, containerization, and static code analysis tools.

NIST 800 - 171 AND CMMC certification