SME Information Security Analyst

The SME Cybersecurity professional provides expert-level cybersecurity and technology risk analysis supporting CISA decision makers on risks associated with foreign acquisitions of U.S. businesses related to critical infrastructure critical and emerging technologies and other cybersecurity and technology products and services. This position requires mastery of cybersecurity and technology principles concepts methods standards and practices to develop strategies for identifying short- and long-term national security risk from foreign investment and mitigating identified risks.

The Job Duties and Responsibilities include but are not limited to the following:

• Serve as Subject Matter Expert (SME) for transactions for which the contractor has relevant technical expertise or experience
• Identify and describe vulnerabilities consequences and mitigations based on submitted applications and materials for active Team Telecom cases differentiating between common and unique novel or complex risks in a manner that is clear actionable and representative of CISA and DHS equities
• Identify and describe vulnerabilities consequences and mitigations based on submitted materials for CFIUS cases differentiating between common and unique novel or complex risks in a manner that is clear actionable and representative of CISA and DHS equities
• Assess the ability of Risk Based Assessments (RBA) to mitigate case risks and provide recommendations for RBA modifications if risk mitigation capability is found lacking
• Assess submitted case materials against best practices and industry standards for new applications and cases and for evidence of compliance with Letters of Agreement (LOAs) and National Security Agreements (NSA); generate recommendations for improvement
• Track and monitor transaction party compliance with established mitigation measures
• Review and assess audits and other assessment reports pertaining to cybersecurity and technology such as cybersecurity audits
• Write materials that translate analytic insights into actionable recommendations
• Analyze and assess cybersecurity and technology risks in all FIRB matters
• Advise on any cybersecurity and technology questions related to risk and potential measures that could mitigate these risks
• Produce risk evaluations and appropriate mitigations for cases involving particularly novel or complex cybersecurity and technology questions
• Describe common vulnerabilities/risks and associated mitigations within cybersecurity and technology topics in core areas of interest to CISA
• Document descriptions of industry cybersecurity and technology trends in CISA FIRBs core areas of interest
• Identify potential risk-informed strategies for mitigating and/or managing cybersecurity and technology risks associated with all FIRB matters
• Conduct activities required to assist FIRB in identifying assessing communicating mitigating or otherwise evaluating or describing any cybersecurity and technology questions
• Utilize classified information systems for review of intelligence products relevant to active cases
• Perform cybersecurity and technology focused research and analysis tasks
• Identify and describe key cybersecurity and technology topics trends and discussions and their relevance to or impact on CFIUS or Team Telecom case reviews
• Develop materials to communicate educate and document analytic work for subject matter experts and non-expert stakeholders
• Clearly document and communicate analysis in written products and oral briefings
• Represent CISA and NRMC and participate in Government meetings in coordination with FIRB federal employees
• Apply mastery of cybersecurity and technology principles concepts methods standards and practices to develop strategies for identifying short- and long-term national security risk from foreign investment
• Apply comprehensive knowledge of advanced and sensitive cybersecurity and technology topics underlying U.S. industrial military intelligence critical infrastructure and law enforcement sectors

Required Qualifications:

• Bachelors degree in STEM field (preference given to fields related to a core area of FIRB cybersecurity and technology interest) OR at least 10 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance may substitute for the bachelors degree
• At least 8 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance or other related fields
• Must have and maintain at least one active (in good standing) cybersecurity certification for which a test is required
• Widely recognized certifications such as the Certified Information Systems Security Professional (CISSP) may substitute for 1 year of work experience depending on the level and relevance
• Demonstrated ability to conduct research and analysis in an area related to core FIRB area of cybersecurity and technology interest
• Demonstrated analytic writing and communication ability
• Mastery of and skill in applying cybersecurity and technology principles concepts methods standards and practices
• Proficient in Microsoft Office including Word Access Excel and PowerPoint
• Proficient in use of intelligence research tools such as Wirescreen Pitchbook or Sayari
• Possess TS/SCI clearance prior to starting work

Preferred Qualifications:

• Advanced degree in cybersecurity information security computer science or related field
• Multiple cybersecurity certifications (e.g. CISSP CISM CEH GIAC certifications)
• Experience with CFIUS or Team Telecom case reviews
• Knowledge of critical infrastructure cybersecurity frameworks (NIST CSF ICS/SCADA security)
• Experience with cybersecurity audit and compliance frameworks (ISO 27001 FedRAMP FISMA)
• Experience working with federal agencies on national security cybersecurity matters
• Expertise in emerging cybersecurity threats and mitigation strategies

Benefits: Health (PPO & HDHP) Insurance Dental Vision STD & LTD Basic Life Insurance 401k Company Match & Voluntary Products.

Knowesis is committed to providing equal employment opportunities to all individuals based on merit and qualifications. We prohibit discrimination in all aspects of employment as required by Title VII of the Civil Rights Act and other applicable federal laws. Our company values all applicants and employees and fosters a work environment where everyone is treated with respect and dignity.

Required Experience:

IC