General Dynamics Information Technology · 11 hours ago
Security Subject Matter Expert (SME)
United States
Full-time
Remote
Senior Level, Lead/Staff
$166K/yr - $224K/yr
10+ years expGeneral Dynamics Information Technology is a global technology and professional services company that delivers consulting, technology, and mission services to various U.S. government agencies. They are seeking a Security Subject Matter Expert (SME) to lead security initiatives for hybrid enterprise environments, focusing on Zero Trust architectures and continuous compliance while improving operational security outcomes.
Artificial Intelligence (AI)Cloud ComputingConsultingCyber SecurityInformation Technology
Responsibilities
Architect, implement, and operate a Zero Trust, RMF-aligned security solutions
Own the end-to-end security operating model, identity and access, vulnerability and patch orchestration, logging and SIEM/SOAR, supply-chain integrity, backup/DR resilience, and continuous monitoring
Convert compliance into a running capability rather than a paperwork cycle
Drive continuous compliance with authoritative evidence from VA systems
Lead joint 'swarm' response during incidents and turn lessons into baseline changes
Translate risk into clear narratives for executives and non-technical stakeholders
Qualification
Required
10 + years of related experience
Bachelor's Degree. In lieu of a degree, an additional four years of related experience required
10+ years in enterprise cybersecurity engineering/operations with direct ownership of hybrid (data center + AWS/Azure) environments; 3+ years in regulated or federal programs (VA/DoD/DHS/HHS or equivalent)
Demonstrated delivery of Zero Trust architectures (per NIST SP 800-207/TIC 3.0), RMF/ATO sustainment (SP 800-53 Rev 5/53B baselines), and continuous monitoring at scale
Hands-on leadership standing up SIEM/SOAR, EDR, vulnerability management, identity platforms (SSO/PIV/FIDO, PAM/JIT), and audited disaster recovery programs (SP 800-184)
Proven record improving outcomes: higher control pass, reduced critical vuln aging, faster MTTR, successful external assessments, and repeatable ATO renewals
Experience operating within multi-vendor/SIAM models with cross-vendor OLAs and shared KPIs
Identity & Access (ICAM): SSO (SAML/OIDC), PIV/CAC and FIDO2, JIT/PAM, least-privilege for human and workload identities; directory hygiene and join/move/leave automation
Network & Platform Security: Segmentation and micro-segmentation, SASE/SD-WAN patterns aligned to TIC 3.0; hardened baselines (STIG/CIS) for OS, containers, and Kubernetes/OpenShift (admission control, policy engines)
Logging, Detection, and Response: Event logging per OMB M-21-31, SIEM content engineering, SOAR playbooks, EDR tuning; run tabletop exercises and purple-team improvements
Vulnerability & Patch Orchestration: Toolchain proficiency (e.g., Tenable/Qualys, WSUS/Linux lifecycle), KEV-driven prioritization, SLAs by criticality, and automated compliance evidence (SCAP)
Secure SDLC & Supply Chain: SSDF (SP 800-218) practices, artifact signing and provenance/attestations (SLSA/SBOM), trusted registries, policy-as-code gates in CI/CD; secrets management (KMS/Vault)
Data & Storage Protection: Encryption in transit/at rest (FIPS-140 validated), key management, DLP patterns, immutable/object-lock backups, tested DR with objective pass/fail artifacts
Standards & Tooling Fluency: NIST CSF 2.0, SP 800-61 (IR), SP 800-53/53B, SP 800-207, SP 800-184, TIC 3.0, FIPS-140; OSCAL for machine-readable SSP/ConMon
Public Trust security clearance level
Clear Communicator: Converts complex risk and telemetry into executive-ready, plain-language updates; writes crisp playbooks, runbooks, and policy one-pagers
Outcome-Driven: Ties security work to measurable results, control pass rate, vuln aging, incident frequency/MTTR, DR test pass, and audit findings, published on a shared scorecard
Builder's Mindset: Designs controls that are easy to use and hard to bypass; prefers automation over manual checks; balances guardrails with delivery speed
Facilitation & Influence: Leads cross-domain incident “swarming,” champions secure patterns with engineers, and negotiates trade-offs that protect both security and uptime
Governance & Rigor: Runs change risk reviews, manages POA&Ms to closure, and keeps the ATO pipeline predictable with OSCAL-based evidence and scheduled assessments
Mission Focus: Aligns security investments with VA outcomes including fewer disruptions for clinicians and staff, stronger protection of Veteran data, and demonstrable stewardship of taxpayer funds
Preferred
CISSP
CCSP
CISM
CASP+
GIAC (GCIH/GCIA/GMON/GCSA/GPCS/GCED)
CEH
AWS/Azure security specialty
CAP or equivalent RMF credential
Benefits
401K with company match
Comprehensive health and wellness packages
Paid vacation and 10 company-paid holidays
Paid parental leave
Paid military leave
Paid bereavement leave
Paid jury duty leave
Short and long-term disability benefits
Life insurance
Accidental death and dismemberment insurance
Personal accident insurance
Critical illness insurance
Business travel and accident insurance
Company
General Dynamics Information Technology
General Dynamics Information Technology is an IT consulting company that specializes in cyber security, AI, and quantum computing. It is a sub-organization of General Dynamics.
10001+ employees
H1B Sponsorship
General Dynamics Information Technology has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (32)
2024 (27)
2023 (36)
2022 (19)
2021 (18)
2020 (13)
Funding
Current Stage
Late StageLeadership Team
Paul Nedzbala
Senior Vice President
Ben Buckley
Vice President and General Manager
Recent News
Company data provided by crunchbase