Cyber Security Architect - RMF Lead

Company Overview

By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide. 

Cole Engineering Services (CESI), a By Light company, is recognized as a premier provider of modeling and simulation (M&S) training solutions to the Federal Government and industry. Since 2004, CESI has been at the forefront of developing, maintaining, and integrating simulation-based training, serious gaming, technical services, training and other support in live, virtual, constructive, and gaming (LVCG) domains.  

This is a proposal position.

Position Overview

The Cybersecurity Architect/SR RMF Lead will provide support at Marine Corps Base Camp Lejeune, NC. This position will manage, maintain, and ensure the security of Industrial Control Systems (ICS) and Operational Technology (OT) solutions at FRCS Cyber Operations Group. This role requires deep expertise in Risk Management Framework (RMF) processes, ICS/OT systems, and compliance with DoD, DoN, and USMC cybersecurity requirements.

Responsibilities

• Oversee the continued operation, maintenance, and administration of existing ICS/OT solutions, including BAS, W&WW, HVSCADA, Metering, Lighting, and other systems as defined by CLNC PWD and FRCS Cyber Operations Group
• Conduct inspections and surveys of new and existing sites (buildings and physical locations) for ICS/OT Supervisory Controllers
• Provide survey findings to CLNC PWD to integrate new ICS/OT systems into the existing solution
• Inspect and assess Supervisory Controllers to ensure compliance with applicable DoD, DoN, and USMC installation and configuration requirements
• Install and maintain a representative model of correctly installed ICS/OT Supervisory Controllers in a Testbed environment
• Configure Encrypt/Decrypt devices for firewall connections over MCEN using approved IPSec VPNs
• Ensure successful integration of new Supervisory Controllers with MCEN via approved VPNs
• Maintain and update Encrypt/Decrypt devices to meet operational and cybersecurity standards
• Architect and administer Nutanix Hyperconverged Virtual environments
• Administer and maintain servers and applications for all ICS/OT systems within Testbed, Preproduction, and Production environments
• Configure firewalls to align with RMF "Type" ATO/ATC guidelines
• Perform other duties as assigned

Required Experience/Qualifications

• Strong understanding of DoD, DoN, and USMC cybersecurity policies
• Excellent problem-solving, analytical, and communication skills
• Ability to work collaboratively with cross-functional teams
• Expertise in RMF processes and cybersecurity compliance
• Master’s Degree or 20 years C&A/A&A experience
• Professional Certifications (Required):
• Experience with USMC “Type” accreditations (ATO/ATC) for large architectures
• Experienced with writing custom Cybersecurity policies for ICS/OT devices and systems
• Expert in the USMC A&A process to include MCCAST 2.0, RMF, DFIA, and CNSSI 1253
• CNSS 4011, 4012, 4015, 4016A
• Experience creating/managing POAMs
• Experience with DISA STIGs
• Experience interpreting/implementing standards and policies in accordance with NIST 800-53/DoDI 8510.01
• Experience with vulnerability/risk analysis
• Experience conducting compliance assessments/validations as well as conceptualizing and implementing security systems and architectures
• Expert in the creation and editing of White Papers, Briefs, Training Materials, and other documentation related to the technical solution developed at CLNC
• Must have a current secret security clearance or have the capability to obtain/maintain a secret security clearance for the duration of the contract

Preferred Experience/Qualifications

• ICS CERT Training (Desired): - Introduction to Control Systems Cybersecurity (101):
• Intermediate Cybersecurity for Industrial Control Systems (201)
• Intermediate Cybersecurity for Industrial Control Systems (202)
• ICS Cybersecurity (301)
• IAM Level 3 (CISSP Desired)

Special Requirements/Security Clearance

DoD Secret Clearance Required