Information Assurance/Cyber Security Subject Matter Expert

Information Technology Fort Belvoir, Virginia Job ID: 2017-108



STG, Inc. has an immediate opportunity for an Information Assurance/Cyber Security Subject Matter Expert located in Fort Belvoir, VA! This position will support CISD, which provides cutting-edge services focused on supporting the Civilian Human Resources Agency, Department of the Army.


The Information Assurance/Cyber Security Subject Matter Expert will support CISD's Cyber Security Team in the provision of cyber security guidance and in implementing industry best business practices. The Information Assurance/Cyber Security Subject Matter Expert will adhere to established timelines based upon established Project Plans as required and the following:


  • Update System Security Plan (SSP) to provide a comprehensive description of the IS and enclave to include an overview of the security requirements. Describe the CSIA security controls in place or planned for implementation for meeting the mandated compliance requirements. The SME will advise and assist the Product Manager with the conversion of the existing DIACAP SSPs into the required RMF format for the CHRA ISs and enclaves.
  • Update Plan of Action & Milestones (POA&M) to describe the measures that have been implemented or planned: (i) to correct any deficiencies noted during the assessment of the security controls; and (ii) to reduce or eliminate known vulnerabilities in the IS and enclave. The SME will collaborate on the content and updates of the POA&M with the Product and/or Enclave Manager and enter the data into RMF e-MASS.
  • Conduct IA Security Control Assessments to assess the applicable CSIA security controls assigned to the information system. The assessment process will entail the technical, operational, and management controls of the system, review of all documentation and processes for the system, and interviews with system personnel to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the system security requirements. The SME will assess STIG, SCAP, ACAS, IAVM, application STIG scans/results, etc. for compliance. The assessment results will be recorded in RMF e-MASS.
  • Prepare Security Control Artifacts containing essential information, processes, and diagrams to prove compliance and effectiveness of associated CSIA security controls for the ISs and enclaves.



Minimum Qualifications:


  • Secret SSBI security clearance. 


Required Skills:

  • 12+ years of combined experience in Certification and Accreditation, Risk Management Framework, and Risk Management Framework e-MASS process.
  • Experience in Certification and Accreditation provisions in the Department of Defense Instruction (DODI) 8510.01 Risk Management Framework, DODI 8500.01 Cyber Security, AR 25-2 Army Information Assurance and the HQDA G6 Certificate of Networthiness process.
  • Experience in CA Service Desk version migration or installation.



  • Equivalent experience may be substituted for degree.


Certification Requirements:

  • IAT II certification or higher