CYBERSECURITY CLOUD SUBJECT MATTER EXPERT (SME)

Cybersecurity Cloud Subject Matter Expert (SME)

Serves as the primary cloud security architect responsible for ensuring that cloud-hosted IT systems, particularly the Electronic Contract Writing Module (ECWM) and related customer contracting systems, are architected, designed, and implemented with robust security controls that meet or exceed agency requirements. The SME provides comprehensive security oversight throughout the system lifecycle, from initial design through deployment and ongoing operations, with particular emphasis on cloud environments including Oracle Cloud Infrastructure (OCI), Amazon Web Services (AWS), and Microsoft Azure. The position requires deep expertise in DoD cybersecurity frameworks, FedRAMP compliance, Risk Management Framework (RMF), and the unique security challenges inherent in cloud-based Government systems handling sensitive contracting and procurement data.

Active Security Clearance

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related technical field

Advanced cloud security certifications (CCSP, CISSP, SABSA, or equivalent) CISSP, CISM, or other advanced cybersecurity certification

Experience with DoD Enterprise DevSecOps Reference Design

Knowledge of containerization security (Docker, Kubernetes) and micro services security architecture

Two (2) years of hands-on experience achieving Authorization to Operate (ATO) in cloud environments (OCI, AWS, Azure, or equivalent platforms) with demonstrated success in navigating complex compliance requirements

Five (5) years of experience achieving ATOs for compartmented DoD IT systems with deep understanding of DoD-specific security requirements, assessment processes, and stakeholder coordination

Current cloud security certification from major cloud providers (Oracle Cloud Infrastructure, AWS, Azure, or equivalent) demonstrating technical proficiency and up-to date knowledge of cloud security capabilities.

DoD Approved 8140/8570 Baseline Certification:

Extensive knowledge of FedRAMP assessment methodology including practical experience with FedRAMP security control requirements, assessment procedures, and authorization processes

Demonstrated experience working with Oracle Cloud Infrastructure (OCI) including security architecture, implementation, and compliance activities

Proven experience working with enterprise DoD IT systems, understanding of DoD architecture standards, and familiarity with DoD cybersecurity requirements and processes

Advanced expertise in cloud security architecture principles across multiple platforms (OCI, AWS, Azure, Google Cloud) with deep understanding of shared responsibility models, cloud-native security services, and hybrid cloud security considerations

Comprehensive knowledge of cloud security engineering best practices including identity and access management (IAM), network security, data encryption, key management, and secure application deployment patterns

Proficiency in Infrastructure as Code (IaC) security, container security, serverless security, and cloud workload protection platforms with ability to implement security-by-design principles

Expert-level understanding of cloud security threats, attack vectors, and mitigation strategies including advanced persistent threats (APTs), insider threats, and cloud-specific vulnerabilities

Extensive experience with DoD Risk Management Framework (RMF) processes including system categorization, security control selection and implementation, assessment procedures, authorization decisions, and continuous monitoring

Deep knowledge of NIST cybersecurity frameworks (SP 800-53, SP 800-37, SP 800-171), DISA Security Technical Implementation Guides (STIGs), and DoD cybersecurity policies and instructions

Comprehensive understanding of FedRAMP assessment methodology, including security control inheritance, shared controls, and the FedRAMP authorization process for cloud service providers

Expertise in Authorization to Operate (ATO) processes for both cloud environments and compartmented DoD IT systems, including security documentation development, evidence collection, and stakeholder coordination

Advanced capabilities in conducting comprehensive cybersecurity vulnerability assessments with specific focus on cloud hosting environments and the unique risks associated with multi-tenant cloud infrastructure • Proficiency in security testing methodologies including penetration testing, vulnerability scanning, configuration assessments, and security control validation

Experience with security assessment tools and platforms including Assured Compliance Assessment Solution (ACAS), commercial vulnerability scanners, and cloud security posture management (CSPM) tools

Knowledge of threat modeling, security architecture review processes, and the ability to identify and mitigate security gaps in complex, distributed systems

Proven ability to review existing cloud security policies and provide actionable recommendations for improvement to enhance overall security posture and meet evolving threat landscapes

Experience in developing security standards, procedures, and guidelines that balance security requirements with operational efficiency and mission effectiveness

Knowledge of emerging cloud security technologies and methodologies with ability to assess their applicability to DoD environments and recommend adoption strategies

Comprehensive understanding of enterprise DoD IT architecture, including network topologies, system interconnections, data flows, and the security implications of complex system integrations

Experience with DoD enterprise services, shared services, and the security considerations involved in connecting cloud-hosted applications to existing DoD infrastructure

Knowledge of DoD cloud strategy and implementation approach

Hands-on experience with cloud security tools and services including cloud access security brokers (CASB), cloud workload protection platforms (CWPP), and security information and event management (SIEM) solutions

Proficiency in security automation, orchestration, and response (SOAR) capabilities with understanding of how to leverage cloud-native security services for incident response and threat hunting

Knowledge of DevSecOps practices and the integration of security controls into continuous integration/continuous deployment (CI/CD) pipelines

Understanding of backup and disaster recovery security considerations, business continuity planning, and the security implications of cloud-based recovery solutions

Experience with Government cloud initiatives (milCloud, AWS GovCloud, Azure Government)

Familiarity with AI/ML security considerations in cloud environments

Only qualified candidates will be contacted. Be sure to keep an eye on your spam or junk folders in case our emails end up in there! Please, no phone calls directly to our business, CEO, hiring managers, or recruiters. Due to the high volume of applicants, we typically receive for our career openings, we are not able to do phone interviews until later stages of the hiring process.

Toomey Technologies is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, gender, disability, age, or veteran status.