Sr. Security Engineer / SME

Job Locations: US-VA-Fort Belvoir
Job ID: 2025-5062
# of Openings: 1
Clearance Requirement: TS
Education Requirement: Bachelor's Degree
Certifications: CISSP
Experience Level: SME
8570 Compliant: IAM 3

Overview

SMS is seeking a Cybersecurity Assessment and Authorization Subject Matter Expert. The individual will provide independent verification and validation (IV&V) and delivery recommendations to the Defense Threat Reduction Agency (DTRA) Security Control Assessor (SCA). Provide support to the IT-CS Authorization Official Designated Representative (AODR) performing various activities such as assessing NIST 800-53 RMF controls for continuous monitoring and FISMA requirements, and updating the status of Contingency Plan Tests (CPTs), Annual Security Reviews (ASRs), Authority to Operate (ATO), and Plans of Action and Milestones via SharePoint Dashboard. In addition, prepare briefings to communicate with stakeholders, the Security Control Assessor (SCA), AODR and Authorization Official (AO) on DTRA systems’ status using eMASS, ACAS, and STIG Viewer. Analyze FIPS 199, Privacy Impact Assessment, and Privacy Overlay Categorization for accuracy and proper completion. Evaluate POAM completion, extension, and closure via eMASS workflow, providing feedback for the AODR, AO and Program Manager (PM).


SMS offers proven solutions in engineering, operations, cybersecurity, and digital transformation. With expertise in modernizing and optimizing legacy infrastructure and systems, ensuring operational efficiency, and designing, implementing, and managing secure environments, SMS supports business and mission goals with proficiency, quality, and integrity.

 

SMS has been serving the advanced information technology needs of the federal government since 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 45 years. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. For additional information on SMS, visit www.sms.com.

 

Submit your resume today!

Responsibilities

  • Serve as a Subject Matter Expert (SME) in cybersecurity for the Assessment and Authorization (A&A) of information systems across the DTRA enterprise.
  • Provide guidance on the application and interpretation. Determine FIPS 199 security categories using NIST 800-60 Volume II and provide adjustments and rationale for changes for system stakeholders.
  • Brief senior DTRA management on the status, risks, and outcomes of systems undergoing RMF processes.
  • Assess Privacy documentation to ensure completeness and accuracy, to include the Privacy Impact Assessment (DD Form 2930) and Privacy Overlay Categorization Worksheet.
  • Investigate ACAS scans for 40 systems using plug-ins, vulnerability description, severity, date of vulnerability discovery and output to provide comprehensive analysis to senior leadership.
  • Create DTRA AO documentation such as memos for Functional/Technical IATTs, ATOs, ATO-Cs, ATO extensions, Authority to Build, and ASR compliance.
  • Ensure accuracy of tracking data of CPTs, ASRs, ATOs, POAMs, and CONMON controls using MicroStrategy Dashboards.
  • Provide a path of accreditation to new or external systems requesting to perform mission essential duties within DTRA’s accreditation boundary.
  • Create and update SOPs for all of the AODR's various processes, to include Risk Management Framework, Continuous Monitoring Strategy, POAM, CPT Controls, Contingency Plan Test, FIPS 199, Security Impact Analysis, Certificate of Networthiness, Risk Acceptance, Appointment Letters, ATO Kick Off and Post ATO briefs, Firewall exemption requests, etc.
  • Participate with the client in meetings with ISSOs, ISSMs, and PMs, providing expertise in asset security management, vulnerability scan compliance, POAM requirements, ATO package requirements and Privacy compliance.
  • Use expertise to create new processes and provide insight into new security requirements issued by JFHQ-DODIN.

Qualifications

  • Bachelor's degree with 8+ years of relevant experience. Additional years of related experience, training, and/or certifications accepted in lieu of a degree.

  • 5 years of experience with DoD Risk Management Framework (RMF).

  • Strong oral, written, interpersonal and organizational skills

  • DoD Cybersecurity Experience

  • Possess DoD IAM Level III certification, CISSP or equivalent.

  • Possess an active DoD Top Secret security clearance.

 

SMS is a dynamic systems integrator established in 1976, delivering talented teams and innovative, cost-effective solutions and services to support our customers’ missions for more than 47 years. Our ability to hire and retain quality people in a rapidly evolving IT market is proven through our employee retention rate averaging over 3 years. At SMS, we place a high value on quality of service, customer satisfaction, and best-of-breed policies and practices, resulting in CMMI Level 3 certification and ISO registrations including 9001:2015, 20000-1:2018, and ISO/IEC 27001:2013. SMS is headquartered in McLean, Virginia, with offices and on-site operations at customer locations throughout the United States. 

 

SMS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
