Cyber Security Policy SME

This is a remote position.

• Provide expert guidance during the Oracle 19C upgrade, ensuring the implementation of security controls, system hardening, and compliance-driven optimizations.
  
• Conduct in-depth evaluations of software systems, pinpoint vulnerabilities, and recommend solutions in alignment with strict government security standards.
  
• Champion security-by-design principles. Design and implement comprehensive logging mechanisms, establish audit trails, and develop technical validation processes to ensure adherence to government recordkeeping and security mandates.
  
• Mentor teams on secure coding practices, threat modeling, and compliance-driven development. Integrate static/dynamic security testing tools into the development pipeline.
  
• Proactively identify potential security risks and vulnerabilities. Prepare comprehensive reports detailing security posture, compliance gaps, and prioritized mitigation strategies.
  
• Work closely with government stakeholders to understand security requirements, interpret directives, and ensure projects meet contractual compliance obligations.
  

BASIC QUALIFICATIONS:

• A bachelor's degree in computer science, Cybersecurity, Software Engineering, or a closely related technical field OR Extensive, directly relevant experience in secure software engineering and compliance may be considered in lieu of a degree.
  
• Deep expertise in secure software architecture, design patterns, and defensive coding techniques to safeguard systems from the ground up.
  
• In-depth understanding of data integrity principles, logging best practices, and rigorous auditing standards as they relate to government record-keeping requirements.
  
• In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
  
• Proven track record in designing and implementing robust security solutions within government-mandated compliance frameworks.
  
• Extensive experience in integrating security controls and testing throughout the SDLC, with a focus on threat modeling, vulnerability analysis, and secure code reviews.
  
• Mastery of multiple programming languages, secure coding principles, cybersecurity tools, and cloud security (desirable).
  
• Exceptional written and verbal communication. Ability to translate technical security requirements into actionable plans for development teams and clearly articulate risks to non-technical stakeholders.
  

PREFERERED QUALIFICATIONS:

• Experience with Oracle database administration, specifically upgrades or migrations.
  
• In-depth knowledge of cybersecurity frameworks (NIST, ISO, etc.), risk assessment methodologies, and federal compliance standards.
  
• Experience conducting comprehensive security evaluations and vulnerability assessments.
  
• Expertise in records management principles, log analysis, and auditing best practices.
  
• Understanding of government recordkeeping requirements and compliance frameworks.
  
• Strong understanding of log data formats, event correlation, and data retention policies.
  
• Proficiency in developing technical standards and documentation.
  
• Comprehensive understanding of security risk assessment methodologies and reporting frameworks.
  
• Certified Information Systems Security Professional (CISSP)
  
• Oracle Certified Professional (OCP) Database Administration
  
• Oracle Database Security Specialist
  
• Certified Information Systems Auditor (CISA)
  
• Systems Security Certified Practitioner (SSCP)
  
• OR a relevant GIAC certification (GSEC, GPEN, etc.)