Tista Science and Technology Corporation

  • Cybersecurity Framework Subject Matter Expert

    Job ID 2019-1666
    Job Locations US-MD-Bethesda
  • Overview

    TISTA Science and Technology Corporation, a CMMI Maturity Level 3 company, focuses on delivering information technology and professional services to Federal and State agencies. TISTA is an Inc. 500 company, a recipient of the 2010 Top 100 Service-Disabled Veteran-Owned Businesses from Diversity Business, recognized in Washington Technology's FAST 50 list of the fastest growing small businesses in government contracting in 2012 & 2013, recognized as the Top 25 Fastest Growing Small Technology companies by the Washington Business Journal in 2014 & 2015, and selected as the Veteran Owned Company of the Year in 2014 by the Montgomery County MD Dept. of Economic Development.


    Here at TISTA Science and Technology we value our Veterans and encourage all to apply!


    TISTA Science and Technology is seeking a Cybersecurity Framework SME to join our growing team! As a Cybersecurity Framework Subject Matter Expert, you will be responsible for supporting the implementation of the Framework across the various program components. This will include defining the target framework tiers and profiles of the program based on risk tolerance. The ideal candidate for this position is a security professional familiar with the NIST Cybersecurity Framework (CSF), with experience in implementing and communicating Federal Information Security Modernization Act (FISMA) compliance for the Federal Government and a thorough understanding of cloud computing and cloud security principles.


    • Engage with the program office to define the target tiers for security framework categories and continuously mature the program’s framework documentation
    • Advocate security framework principles and the benefits for managing risk across components
    • Support the development and revision of component information systems security documentation templates (e.g. System Boundary development, System Security Plan (SSP), Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthorization, Privacy Threshold Analysis, etc.) based on changing NIST and federal guidance
    • Actively participate in stakeholder meetings and help shape security practices based on the framework
    • Assist component system owners, security personnel, and stakeholders in understanding assessment and authorization (A&A) documentation requirements. Review completed templates to ensure completeness and accuracy
    • Engage and collaborate with initiative stakeholders to support their solution design, implementation, and inter-connectivity requirements
    • Engage with CSPs and security vendors to validate/verify solutions in support of system development
    • Support the development of artifacts, such as project summaries, position statements, recommendations and point papers, for status reporting, executive communications, and stakeholder awareness
    • Coordinate with project managers to ensure timely completion of project activities, including identification of scope changes, critical path items, and dependencies


    • 10 combined years of A&A, cybersecurity, risk management, and/or cloud security experience
    • Experience with NIST CSF
    • Experience with application of FISMA guidelines including the NIST special publications
    • Experience with implementation of FedRAMP security control requirements
    • Experience with commercial CSPs
    • Working knowledge of cloud security tools such as tenant monitoring and cloud access security brokers (CASB)
    • Strong customer-service attitude, ability to multi-task and work independently
    • Strong in-person, written and verbal communication skills
    • High aptitude for learning and flexibility

    Preferred Qualifications:

    • Certified Information Systems Security Professional (CISSP)
    • CSP certifications such as AWS Certified Solutions Architect
    • Experience with scientific data sharing
    • Understanding of the NIST guidance for Ongoing Authorization
    • Additional cybersecurity and CSP certifications and training, such as CCSP/CCSK, CEH, and CNDA
    • Direct support of public sector Information Security Programs
    • Federal government and research institution experience


    • Bachelor’s degree


    • Ability to obtain Public Trust


    • Bethesda, MD




    TISTA is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, or protected veteran status.


