This is a remote position.
Title : Cyber Security Policy SME
Location : Remote
Terms : Full-Time / Permanent
Clearance : All qualified candidates must have an active DoD Secret level security clearance
RESPONSIBILITIES :
- Provide expert guidance during the Oracle 19C upgrade, ensuring the implementation of security controls, system hardening, and compliance-driven optimizations.
- Conduct in-depth evaluations of software systems, pinpoint vulnerabilities, and recommend solutions in alignment with strict government security standards.
- Champion security-by-design principles. Design and implement comprehensive logging mechanisms, establish audit trails, and develop technical validation processes to ensure adherence to government recordkeeping and security mandates.
- Mentor teams on secure coding practices, threat modeling, and compliance-driven development. Integrate static / dynamic security testing tools into the development pipeline.
- Proactively identify potential security risks and vulnerabilities. Prepare comprehensive reports detailing security posture, compliance gaps, and prioritized mitigation strategies.
- Work closely with government stakeholders to understand security requirements, interpret directives, and ensure projects meet contractual compliance obligations.
Requirements
BASIC QUALIFICATIONS :
- A bachelor's degree in Computer Science, Cybersecurity, Software Engineering, or a closely related technical field; extensive, directly relevant experience in secure software engineering and compliance may be considered in lieu of a degree.
- Deep expertise in secure software architecture, design patterns, and defensive coding techniques to safeguard systems from the ground up.
- In-depth understanding of data integrity principles, logging best practices, and rigorous auditing standards as they relate to government record-keeping requirements.
- In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
- Proven track record in designing and implementing robust security solutions within government-mandated compliance frameworks.
- Extensive experience in integrating security controls and testing throughout the SDLC, with a focus on threat modeling, vulnerability analysis, and secure code reviews.
- Mastery of multiple programming languages, secure coding principles, cybersecurity tools, and cloud security (desirable).
- Exceptional written and verbal communication. Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non-technical stakeholders.
PREFERRED QUALIFICATIONS :
- Experience with Oracle database administration, specifically upgrades or migrations.
- In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
- Experience conducting comprehensive security evaluations and vulnerability assessments.
- Expertise in records management principles, log analysis, and auditing best practices.
- Understanding of government recordkeeping requirements and compliance frameworks.
- Strong understanding of log data formats, event correlation, and data retention policies.
- Proficiency in developing technical standards and documentation.
- Comprehensive understanding of security risk assessment methodologies and reporting frameworks.
- Certified Information Systems Security Professional (CISSP)
- Oracle Certified Professional (OCP) Database Administration
- Oracle Database Security Specialist
- Certified Information Systems Auditor (CISA)
- Systems Security Certified Practitioner (SSCP)
- OR a relevant GIAC certification (GSEC, GPEN, etc.)