SME Information Security Analyst
Position: SME Cybersecurity / SME Information Security Analyst
Location: Washington, D.C.
Work Environment: On-site
Clearance Required: TS/SCI clearance prior to starting work
Status: Contingent

The SME Cybersecurity professional provides expert-level cybersecurity and technology risk analysis supporting CISA decision makers on risks associated with foreign acquisitions of U.S. businesses related to critical infrastructure, critical and emerging technologies, and other cybersecurity and technology products and services. This position requires mastery of cybersecurity and technology principles, concepts, methods, standards, and practices to develop strategies for identifying short- and long-term national security risk from foreign investment and mitigating identified risks.

The Job Duties and Responsibilities include but are not limited to the following:
- Serve as Subject Matter Expert (SME) for transactions for which the contractor has relevant technical expertise or experience
- Identify and describe vulnerabilities, consequences, and mitigations based on submitted applications and materials for active Team Telecom cases, differentiating between common and unique, novel, or complex risks in a manner that is clear, actionable, and representative of CISA and DHS equities
- Identify and describe vulnerabilities, consequences, and mitigations based on submitted materials for CFIUS cases, differentiating between common and unique, novel, or complex risks in a manner that is clear, actionable, and representative of CISA and DHS equities
- Assess the ability of Risk Based Assessments (RBA) to mitigate case risks and provide recommendations for RBA modifications if risk mitigation capability is found lacking
- Assess submitted case materials against best practices and industry standards for new applications and cases and for evidence of compliance with Letters of Agreement (LOAs) and National Security Agreements (NSA); generate recommendations for improvement
- Track and monitor transaction party compliance with established mitigation measures
- Review and assess audits and other assessment reports pertaining to cybersecurity and technology, such as cybersecurity audits
- Write materials that translate analytic insights into actionable recommendations
- Analyze and assess cybersecurity and technology risks in all FIRB matters
- Advise on any cybersecurity and technology questions related to risk and potential measures that could mitigate these risks
- Produce risk evaluations and appropriate mitigations for cases involving particularly novel or complex cybersecurity and technology questions
- Describe common vulnerabilities/risks and associated mitigations within cybersecurity and technology topics in core areas of interest to CISA
- Document descriptions of industry, cybersecurity, and technology trends in CISA FIRB's core areas of interest
- Identify potential, risk-informed strategies for mitigating and/or managing cybersecurity and technology risks associated with all FIRB matters
- Conduct activities required to assist FIRB in identifying, assessing, communicating, mitigating, or otherwise evaluating or describing any cybersecurity and technology questions
- Utilize classified information systems for review of intelligence products relevant to active cases
- Perform cybersecurity and technology focused research and analysis tasks
- Identify and describe key cybersecurity and technology topics, trends, and discussions and their relevance to or impact on CFIUS or Team Telecom case reviews
- Develop materials to communicate, educate, and document analytic work for subject matter experts and non-expert stakeholders
- Clearly document and communicate analysis in written products and oral briefings
- Represent CISA and NRMC and participate in Government meetings in coordination with FIRB federal employees
- Apply mastery of cybersecurity and technology principles, concepts, methods, standards, and practices to develop strategies for identifying short- and long-term national security risk from foreign investment
- Apply comprehensive knowledge of advanced and sensitive cybersecurity and technology topics underlying U.S. industrial, military, intelligence, critical infrastructure, and law enforcement sectors

Required Qualifications:
- Bachelor's degree in STEM field (preference given to fields related to a core area of FIRB cybersecurity and technology interest), OR at least 10 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance may substitute for the bachelor's degree
- At least 8 years of work experience in cybersecurity controls/system implementation and/or cybersecurity auditing and compliance, or other related fields
- Must have and maintain at least one active (in good standing) cybersecurity certification for which a test is required
- Widely recognized certifications such as the Certified Information Systems Security Professional (CISSP) may substitute for 1 year of work experience, depending on the level and relevance
- Demonstrated ability to conduct research and analysis in an area related to core FIRB area of cybersecurity and technology interest
- Demonstrated analytic writing and communication ability
- Mastery of and skill in applying cybersecurity and technology principles, concepts, methods, standards, and practices
- Proficient in Microsoft Office including Word, Access, Excel, and PowerPoint
- Proficient in use of intelligence research tools, such as Wirescreen, Pitchbook, or Sayari
- Possess TS/SCI clearance prior to starting work

Preferred Qualifications:
- Advanced degree in cybersecurity, information security, computer science, or related field
- Multiple cybersecurity certifications (e.g., CISSP, CISM, CEH, GIAC certifications)
- Experience with CFIUS or Team Telecom case reviews
- Knowledge of critical infrastructure cybersecurity frameworks (NIST CSF, ICS/SCADA security)
- Experience with cybersecurity audit and compliance frameworks (ISO 27001, FedRAMP, FISMA)
- Experience working with federal agencies on national security cybersecurity matters
- Expertise in emerging cybersecurity threats and mitigation strategies

Benefits: Health (PPO & HDHP) Insurance, Dental, Vision, STD & LTD, Basic Life Insurance, 401k Company Match, & Voluntary Products.

Knowesis is committed to providing equal employment opportunities to all individuals based on merit and qualifications. We prohibit discrimination in all aspects of employment as required by Title VII of the Civil Rights Act and other applicable federal laws. Our company values all applicants and employees and fosters a work environment where everyone is treated with respect and dignity.