
Cybersecurity Lead
Red Cedar Consultancy, LLC, McLean, VA, United States
Job Title: Cybersecurity Subject Matter Expert (SME) – Lead (Key Personnel)
Location: Fort Belvoir, VA OR Richmond, VA OR Battle Creek, MI OR Columbus, OH OR Dayton, OH OR New Cumberland, PA OR Ogden, UT OR Philadelphia, PA
Summary: Seeking a highly experienced Cybersecurity SME – Lead to provide technical leadership, analysis, and support for complex DoD cybersecurity initiatives. This role serves as a key expert within the Cybersecurity Assessment Program, driving RMF implementation, cybersecurity compliance, and inspection readiness. The ideal candidate will lead the development of cybersecurity artifacts, provide strategic direction, and deliver innovative solutions across enterprise-level environments while ensuring adherence to DoD standards and evolving security frameworks.
Responsibilities:
Serve as technical lead and SME for cybersecurity assessments, RMF, and DoD compliance initiatives
Provide guidance, oversight, and mentorship to cybersecurity teams ensuring high-quality, audit-ready deliverables
Develop, review, and maintain RMF artifacts including SSP, CONOPS, Incident Response Plan, Contingency Plan, and Configuration Management Plan
Lead preparation for DoD cybersecurity inspections (CCRI, CORA, Blue Team assessments)
Conduct security control assessments and authorization reviews for complex enterprise systems
Manage POA&M lifecycle including tracking, remediation, and closure of vulnerabilities
Interpret DoD cybersecurity policies, STIGs, SRGs, IAVMs, and develop compliant documentation
Recommend and evaluate cybersecurity tools; support development of STIGs and tool requirements
Generate reports, analytics, and dashboards on vulnerabilities, compliance, and risk posture
Collaborate with ISSM/ISSO and stakeholders to ensure system security and compliance
Support cybersecurity strategy, policy development, and emerging technology security (Cloud, ICS/OT)
Requirements:
10+ years of IT experience
10+ years of DoD cybersecurity experience
10+ years of RMF and NIST A&A experience
Strong expertise in DoD cybersecurity frameworks, compliance, and documentation (STIGs, SRGs, IAVMs)
Proven experience supporting DoD inspections (CCRI, CORA, Blue Team)
Hands-on experience with security control assessments and authorization processes
Experience managing POA&M lifecycle and cybersecurity artifacts
Proficiency with tools such as Microsoft Excel, Access, Power BI, and Power Platform
Strong analytical, problem-solving, and research skills
Excellent written and verbal communication skills
Experience with cloud, IT, ICS/OT cybersecurity environments
Active DoD Secret Clearance (IT-II Non-Critical Sensitive / Tier 3 required at submission)
Certification Requirements:
DoD 8570 IAT Level III (future DoD 8140 compliance)
ICS300 or relevant OT/ICS cybersecurity certification
ACAS and Tanium Training Module/Course completion
DLA-approved Computing Environment (CE) certification
Preferred Qualifications:
Experience in large-scale federal or defense environments
Advanced expertise in cybersecurity evaluations and enterprise risk management
Experience with emerging technologies and modern security architectures
Strong leadership experience with cross-functional teams
Ability to work independently and drive initiatives with minimal oversight