Senior Cybersecurity Assessment Team Lead

Cyber Careers | Remote, United States


Description

Position at VMD Corp

As a Vision, Mission, and Driven company, VMD has been delivering information technology solutions to the Federal government in Agile Engineering, Cybersecurity, and Critical Infrastructure Protection since 2002. Our mission has now expanded, and we have merged with Xcelerate Solutions to revolutionize end-to-end enterprise security. Together we are committed to protecting our nation’s citizens, critical infrastructure, and resources.
 
Why Join VMD Corp?
At VMD, now a part of Xcelerate Solutions, you have the opportunity to thrive in your career and become a Game Changer. The quality and talent of our people is what drives our success. We embrace an employee-first culture and make it a priority to provide professional development opportunities that foster career growth.
 
We help protect American citizens and the nation’s most critical infrastructure by working alongside our customers and delivering game-changing solutions to strengthen their missions. We believe our passion and commitment to achieving our customers' goals and solving their most critical challenges defines who we are. We don’t just dream big, we act on it – through teamwork, dedication, and resilience.
 
About the Mission You Will Join:  
The Cyber Assessment Team Lead will play a vital role on a contract supporting the government customer's OCIO, and will be responsible for leading a team of security professionals in conducting comprehensive cyber security assessments and ensuring the overall security posture of the organization.  
  
Responsibilities:   
  • Lead and manage a team of security professionals responsible for conducting cyber security assessments on Information Technology and Operational Technology.
  • Provide task leadership, work allocation, and mentorship to team members across assigned assessments; perform quality assurance reviews of deliverables; and ensure the timely, accurate completion of assessment activities and associated reporting milestones.
  • Provide formal audit and inspection expertise in accordance with national cybersecurity requirements, federal mandates, and industry related best practices for all end nodes, systems, and devices connected to both classified and unclassified networks.
  • Develop, refine, and implement effective security assessment strategies, methodologies, and procedures, while adapting to evolving organizational priorities, policy and legal changes, and emerging technologies, including artificial intelligence, cloud platforms, and modernized enterprise architectures.
  • Support the maturation and continuous improvement of the cybersecurity assessment program, partnering closely with federal leadership and stakeholders to strengthen methodologies, governance processes, reporting standards, and enterprise assessment capabilities.
  • Participate in all phases of planning, development, programming, and execution of the cybersecurity assessment program, including support for all assessment types within scope. Responsibilities include scheduling and coordination, data call management, development of technical rules of engagement, completion of assessment plans, and onsite validation logistics planning in accordance with organizational policies and procedures.
  • Prepare for and execute scheduled assessments by interviewing personnel, testing controls, reviewing evidence, and physically examining IT/OT systems, applications, infrastructure components, and associated security artifacts.
  • Document findings, deficiencies, and instances of requirement non-compliance, provide risk-based recommendations for improvement, and identify best practices in accordance with approved assessment plans, methodologies, and procedures.
  • Analyze assessment results, and support daily updates and final briefings during assessments.   
  • Correlate findings, perform trend analysis, and prepare audience-appropriate comprehensive reports.
  • Obtain and maintain DOE Derivative Classifier certifications as required to support mission and program responsibilities.
  • Maintain required professional certifications through continuous professional education (CPE) and ongoing professional development, while remaining current on emerging threats, evolving technologies, federal mandates, and cybersecurity best practices.
 
Minimum Requirements:
  • Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related discipline, with a minimum of 15 years of relevant professional experience.  Additional directly related experience may be substituted for the degree requirement.
  • CISSP, or combination of program and technical certifications to satisfy requirements for both DoD 8570 Information Assurance Technical III category (CASP+, CISA, GCED, GCIH) and Information Assurance Management III categories (CISM, GSLC).
  • Demonstrated expert-level experience leading and managing cyber assessment teams in the execution of cybersecurity assessments in both Information Technology and Operational Technology fields.
  • Deep working knowledge of federal cybersecurity requirements, mandates, and compliance frameworks, including FISMA, NIST SP 800-37, NIST SP 800-53, NIST SP 800-115, CNSSI 1253, and applicable OMB policies and memoranda.
  • Exceptional written communication skills, including proven experience developing cybersecurity policies, standards, and procedures. Demonstrated ability to develop professional, effective, and factual assessment reports.
  • Active or current DOE Q Clearance or Top Secret clearance with SCI eligibility, and the ability to successfully obtain and maintain a polygraph, as required.
  • Work Status: US Citizen 
 
Desired Qualifications and Skills: 
  • Demonstrated subject matter expertise in federal cybersecurity baseline requirements, with preferred experience supporting Department of Energy (DOE) environments, directives, and mission systems.
  • Prior experience serving in an Information System Security Manager (ISSM) or equivalent cybersecurity leadership role, with responsibility for governance, risk oversight, and enterprise security program execution.
  • Hands-on experience in secure configuration management and system hardening, including application, validation, and tailoring of appropriate DISA STIGs, CIS benchmarks, and other secure baseline standards across enterprise environments.
  • Understanding of NIST and organizational implementations of risk management processes; cybersecurity threat and vulnerability identification and analysis; and the ability to quantify and qualify impact and risk posed to the confidentiality, integrity, and availability of government information and operational technology systems, applications, and information under assessment.
  • Demonstrated sufficient knowledge in other security disciplines such as information security, technical security (i.e., Protected Distribution Systems, TEMPEST, and Wireless Security), communications security, operations security, and physical security to assess related cybersecurity protection measures.
  • Experience securing cloud environments, including implementation and assessment of secure configurations across AWS, Azure, or hybrid federal cloud platforms.
  • Working knowledge of Zero Trust principles, architectures, and maturity frameworks, with experience evaluating or supporting implementation aligned to federal Zero Trust strategies.
  • Experience supporting enterprise vulnerability management programs, including demonstrated proficiency with Tenable Security Center / Tenable.sc, vulnerability analysis, prioritization, and remediation validation workflows.
 
The Ideal Candidate Will Excel By Demonstrating:
  • A high level of initiative, professionalism, and self-motivation, with the ability to independently drive complex cybersecurity assessment activities to completion.
  • Exceptional attention to detail, time management, and organizational skills.
  • A commitment to continuous learning, with the ability to remain current on emerging cybersecurity technologies, threat trends, assessment methodologies, and federal security mandates.
  • Strong written and verbal communication skills, including the ability to translate technical findings into clear, actionable guidance.
  • Natural leadership and team influence, with the ability to lead assessment efforts, mentor junior personnel, and facilitate stakeholder engagement.
  • Professionalism that is beyond reproach.
 
Travel and Telecommuting:
  • Travel:  Significant (between 25%-75%). Work will be conducted at sites across the US.
  • Telecommute Options:  Remote
 
Xcelerate Solutions and its subsidiaries are Equal Employment Opportunity/Affirmative Action Employers.  We evaluate qualified applicants without regard to race, color, national origin, religion, age, equal pay, disability, veteran status, sex, sexual orientation, gender identity, genetic information, or expression of another protected characteristic. As part of this commitment to the full inclusion of all qualified individuals, Xcelerate provides reasonable accommodations if needed because of an applicant's or an employee's disability. Xcelerate Solutions maintains a drug-free workplace.