Cyber Security Policy SME

This is a remote position.

Title : Cyber Security Policy SME

Location : Remote

Terms : Full-Time / Permanent

Clearance : All qualified candidates must have an active DoD Secret level security clearance

RESPONSIBILITIES :

• Provide expert guidance during the Oracle 19C upgrade, ensuring the implementation of security controls, system hardening, and compliance-driven optimizations.
• Conduct in-depth evaluations of software systems, pinpoint vulnerabilities, and recommend solutions in alignment with strict government security standards.
• Champion security-by-design principles. Design and implement comprehensive logging mechanisms, establish audit trails, and develop technical validation processes to ensure adherence to government recordkeeping and security mandates.
• Mentor teams on secure coding practices, threat modeling, and compliance-driven development. Integrate static / dynamic security testing tools into the development pipeline.
• Proactively identify potential security risks and vulnerabilities. Prepare comprehensive reports detailing security posture, compliance gaps, and prioritized mitigation strategies.
• Work closely with government stakeholders to understand security requirements, interpret directives, and ensure projects meet contractual compliance obligations.

Requirements

BASIC QUALIFICATIONS :

• A bachelor's degree in computer science, Cybersecurity, Software Engineering, or a closely related technical field OR Extensive, directly relevant experience in secure software engineering and compliance may be considered in lieu of a degree.
• Deep expertise in secure software architecture, design patterns, and defensive coding techniques to safeguard systems from the ground up.
• In-depth understanding of data integrity principles, logging best practices, and rigorous auditing standards as they relate to government record-keeping requirements.
• In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
• Proven track record in designing and implementing robust security solutions within government-mandated compliance frameworks.
• Extensive experience in integrating security controls and testing throughout the SDLC, with a focus on threat modeling, vulnerability analysis, and secure code reviews.
• Mastery of multiple programming languages, secure coding principles, cybersecurity tools, and cloud security (desirable).
• Exceptional written and verbal communication. Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non-technical stakeholders.

PREFERERED QUALIFICATIONS :

• Experience with Oracle database administration, specifically upgrades or migrations.
• In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
• Experience conducting comprehensive security evaluations and vulnerability assessments.
• Expertise in records management principles, log analysis, and auditing best practices.
• Understanding of government recordkeeping requirements and compliance frameworks.
• Strong understanding of log data formats, event correlation, and data retention policies.
• Proficiency in developing technical standards and documentation.
• Comprehensive understanding of security risk assessment methodologies and reporting frameworks.
• Certified Information Systems Security Professional (CISSP)
• Oracle Certified Professional (OCP) Database Administration
• Oracle Database Security Specialist
• Certified Information Systems Auditor (CISA)
• Systems Security Certified Practitioner (SSCP)
• OR a relevant GIAC certification (GSEC, GPEN, etc.)
16 days ago