Description

• Project Leadership: Lead complex cybersecurity projects from inception to completion, ensuring high-quality deliverables are met within scope, timeline, and budget.
• Customer Engagement: Serve as the primary point of contact for high-value clients, building strong relationships through frequent and transparent communication, understanding their security objectives, and translating requirements into actionable project plans.
• DevOps Integration: Oversee the integration of cybersecurity principles into DevOps processes, promoting a 'security by design' framework throughout all development and operations cycles.
• DevSec and CI/CD Practices: Champion DevSecOps methodologies by embedding security controls and automated testing within CI/CD pipelines, ensuring rapid, safe, and compliant code delivery.
• Vulnerability Assessment: Conduct and manage comprehensive assessments of software and infrastructure for security vulnerabilities using industry-standard tools and methodologies.

• Bachelor’s or Master’s degree in Computer Science, Information Security, Engineering, or a related technical field or equivalent full-time professional experience.
• 5+ years of experience as a Project Manager, Program Manager, ISSM, or Technical Lead in cybersecurity-focused projects, with a demonstrated history of direct, frequent engagement with enterprise and high-value customers.

• Hands-on experience in a cybersecurity leadership role within DevOps or DevSecOps environments.
• Demonstrated experience supporting DoD cybersecurity programs, including implementing and maintaining Authority to Operate (ATO) packages.
• Extensive experience with the Risk Management Framework (RMF) process, including all six RMF steps.
• Proficiency with eMASS (Enterprise Mission Assurance Support Service) for managing RMF packages and ATO documentation.
• Experience conducting system categorization, security control assessments, and working with security control baselines (e.g., NIST SP 800-53).
• Solid understanding of secure software development lifecycles (SDLC), DevSecOps, and CI/CD pipeline automation tools (e.g., Jenkins, GitLab, Azure DevOps).
• Expertise in identifying, analyzing, and remediating software vulnerabilities, including SAST, DAST, SCA, and penetration testing methodologies.
• Experience making risk-based recommendations and communicating complex technical findings to non-technical stakeholders.

• Knowledge of recent Navy cybersecurity efforts related to continuous ATO and cybersecurity processes, e.g. Rapid Assess and Incorporate Software Engineering (RAISE) and Afloat Software Authorization Playbook (ASAP)
• Experience developing and delivering customer-focused security services or products in SaaS or cloud-first companies.
• Track record of leading multi-disciplinary teams in a matrixed environment, including remote and distributed team members.
• Experience with threat modeling, red teaming, and incident response planning within Agile or DevOps frameworks.
• Hands-on familiarity with scripting (Python, Bash) or infrastructure-as-code (Terraform, Ansible) for automation of security tasks.

• Influential Communicator: Adept at translating technical security topics into meaningful business terms for diverse audiences.
• Customer-Centric Mindset: Passionate about delivering exceptional customer experiences and building trust with high-value clients.
• Strategic Thinker: Capable of envisioning and realizing secure business outcomes amid rapidly evolving technical and threat landscapes.