A career as a Cyber Risk Management Framework Manager/SME means you are at the cutting edge of security technology, and at GDIT this means owning your opportunity to help support and advance our client’s mission. At GDIT cybersecurity embedded into every aspect of what we do, and we’re constantly evolving our cyber solutions to overcome our clients’ biggest challenges.
HOW A Cybersecurity / Risk Management Framework (RMF) Manager/SME MAKES AN IMPACT
As a Cyber RMF Manager/SME you will have the opportunity to build strong lines of cyber defense using cutting edge technologies. Your work in cybersecurity at GDIT will have an impact on securing our clients’ missions and ensuring we anticipate the threats of tomorrow. The Cyber RMF Manager/SME provides support to evaluate cyber defense concepts, architectures, designs and processes to defend against cyber risks.
The Army’s Secure Internet Protocol Modernization program effort is in direct support of the Department of the Army, Program Executive Office Enterprise Information Systems, PM Global Enterprise Network Modernization Americas implements the Army’s Global Secret Internet Protocol Router (SIPR) Network Program (A-GSN). GDIT will modernize those networks to bring together commercial and government solutions to modernize and secure the backbone of the Army’s classified network.
The SIPRNet is a classified network, used for Command and Control (C2), that is part of the larger Department of Defense Information Network (DoDIN) and extends into the Army’s portion of the DoDIN (referred to as the DoDIN-A). The Global SIPR Network will be a network of, at a minimum, 6 globally dispersed nodes that enable SIPR connectivity in all theaters. This program has an objective requirement to scale to 150,000 SIPR virtual desktop infrastructure users, enable the mission partner environment through Multiple Independent Levels of Security, and provide connectivity to multiple types of users through multi-site or End User Device connectivity. The program globally will provide improved SIPR Multi-site, mobility access, wireless, and data- at-rest capabilities using Nation Security Agency (NSA) approved Commercial Solutions for Classified (CSfC) Network.
Design, develop, implement, and/or integrate cybersecurity systems and system components including those for networking, computing, and software environments for systems spanning multiple enclaves/security domains and with differing data protection/classification requirements
Identify opportunities to build cybersecurity design into systems deployed to operational environments
Assist architects and systems developers in the identification and implementation of appropriate cybersecurity functionality to support security policy and federate with enterprise solutions
Assess current/forecasted customer demand to identify, innovate, design, and build strategies around new cybersecurity opportunities from end-to-end
Be recognized as a subject matter expert in developing cybersecurity solutions for customers in the public sector market; provide expert knowledge for the development of cybersecurity architecture designs to optimize mission effectiveness across all aspects of cybersecurity
Perform / review technical security assessments of computing environments to identify points of vulnerability, non-compliance with established cybersecurity standards and regulations, and recommend mitigation strategies
Provide technical leadership to the vulnerability management program, including developing and managing remediation activities.
Engineer and maintain endpoint protection products and processes
Interface directly with the government customer’s technical security teams to collect, integrate, interpret, and report using various tools to demonstrate risk, and advise stakeholders on a course of action.
Analyze Commercial-Off-The-Shelf (COTS) and Government-Off-The-Shelf (GOTS) tools/services; analyze and support engineering and architecture considerations affecting DoD IT assets.
Provide Enterprise Architecture products focused on cyber defense data flows/usage and transactions including netflow reporting, network performance metrics, and mission assurance metrics; provide cyber incident response recommendations.
Analyze after action reports of cyber incidents, conduct trend analysis, and maintain a database of events; review lessons learned, conduct root-cause analysis, and provide recommendations.
Define and track cyber defense and cybersecurity maturity levels; provide the status of cyber defense operations; measure cyber defense service performance.
Provide management, direction, administration, quality assurance, and leadership in the execution of the program.
Ensure compliance with relevant corporate and government policies and standards.
Participate in special projects as required.
SCOPE: Manage a large team of multiple disciplines including Telecommunications Enterprise IT (ITSM) and Cybersecurity Services. Schedule execution of implementation activities with high complexity. Be responsible for program(s) with annual revenues of $250-500 million.
WHAT YOU’LL NEED TO SUCEED:
Education: Bachelor’s Degree from an accredited institute in Cyber related discipline (e.g. information systems, computer science, math, or engineering).
Required Experience: 10+ years of cyber leadership in progressively increasing responsibility managing cybersecurity compliance for a DoD Agency, including security IT systems and services using Government and industry cybersecurity standards, guidelines, and best practices
Cyber leadership in disciplines such as secure systems engineering in classified domains, zero trust architecture, Cyber threat analysis and/or incident response, infrastructure engineering, and IT networks implementation
Five (5) years’ experience on DoD Cybersecurity/RMF processes and leading a security operations staff with skills applicable to a project environment similar in size and scope referenced in this offering
Knowledge of the DoD cybersecurity and policy requirements set forth in DoDI 8500.01 “Cybersecurity” and DoDI 8510.01 “Risk Management Framework (RFM) for DoD Information Technology (IT) and their successors
Required Technical Skills: Demonstrated experience in security design, threat modeling, security and privacy controls, security stacks and automation, RMF and accreditation
Possess the appropriate certifications to achieve DoD 8570.01-M IAT/IAM Level 3 Certified IAW DoD 8570.01
Security Clearance Level: DoD SECRET clearance required, TS preferable, with ability to obtain Sensitive Compartmentalized Information (SCI) eligibility
Required Skills and Abilities:
Exceptional verbal and written communication skills applied to the development and presentation of technical materials appropriate to a broad spectrum of audiences.
Adept at interfacing with Government at senior leader levels and representing the interests of GDIT and GENM-A.
Understanding of Army policies, organization, and processes. Integration and alignment of Army policies, organizational constructs, and processes
Master’s Degree in Cyber Security
Understanding of Army Networks construction, Commercial Solutions for Classified (CSfC) commercial products
Five (5) years of experience with Federal NSA and DoD governance, risk, and compliance management
Location: Hybrid, frequent travel within the Northern Virginia area and at implementation site required
GDIT IS YOUR PLACE:
Full-flex work week to own your priorities at work and at home
401K with company match
Comprehensive health and wellness packages
Internal mobility team dedicated to helping you own your career
Professional growth opportunities including paid education and certifications
Cutting-edge technology you can learn from
Rest and recharge with paid vacation and holidays
About Our Work
We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.
GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.
GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.