CYBER SECURITY LEAD with A&A

Our client is seeking a Cyber Security Team Lead to join our program supporting a leading biomedical government research institution in the United States. Our program designs, secures, and manages enterprise infrastructure that hosts mission-critical applications across both on-premises and cloud environments. As the Cyber Security Team Lead, you will oversee a multidisciplinary security team responsible for audits, ATO boundary management, continuous monitoring, vulnerability remediation, and security tool oversight. This role requires both subject matter expertise and leadership providing strategic direction while remaining technically credible in engagements with engineers, system owners, and research stakeholders. Your work will directly support the secure delivery of technology that advances biomedical research and public health.

HOW A CYBER SECURITY TEAM LEAD WILL MAKE AN IMPACT:

• Manage day-to-day operations of the cyber security team, including assigning tasks, managing workload distribution, establishing priorities, ensuring deadlines are met, tracking deliverables, developing status reports, and briefing leadership.
• Provide technical leadership and subject matter expertise across one or more domains including A&A, cloud security, incident response, vulnerability management, or infrastructure security.
• Oversee execution of all aspects of security audits and assessments including SOC, OIG, GSA, OMB A-123, and internal/external compliance reviews.
• Provide oversight for ATO boundaries and System Security Plans (SSPs) for infrastructure services supporting on-premises and cloud-hosted applications including compute, databases, and storage platforms.
• Oversee vulnerability management operations including enterprise scanning, risk-based prioritization, remediation tracking, and executive reporting.
• Participate in and lead Disaster Recovery (DR) and Continuity of Operations (COOP) exercises as required.
• Work directly with customers and system owners to provide expert security recommendations, review architectures, support waivers, and guide remediation strategies.
• Occasionally be available after hours to support security incidents, emergency responses, or operational escalations as required.

WHAT YOU LL NEED TO SUCCEED:

Education: BA or BS degree in Information Systems, Computer Science, Cybersecurity, or related discipline (Master s preferred).

Required Experience: Minimum 15+ years of experience in cybersecurity roles, with at least 3 5 years leading or managing security teams.

Required Skills:

• Demonstrated hands-on experience leading or directly supporting one or more areas: Authorization and Assessment and ATO lifecycle management, audits, vulnerability management, or cybersecurity engineering.
• Documented experience supporting federal audits, including SOC (1 or 2), OMB A-123, OIG, GSA or similar oversight reviews, with direct responsibility for audit evidence collection, meeting with auditors, control validation, remediation tracking, and response to findings.
• Proven experience defining and managing ATO boundaries and developing, maintaining, and updating System Security Plans, including control implementation narratives and supporting artifacts in accordance with NIST 800-53 requirements.
• Experience administering or overseeing enterprise vulnerability management portfolios, including coordinating remediation efforts, tracking POA&Ms, and reporting risk posture to leadership.
• Strong working knowledge of the NIST Risk Management Framework and federal cybersecurity compliance requirements, including NIST 800-53, FISMA, FedRAMP, and continuous monitoring requirements.
• Experience operating in hybrid IT environments, including both on-premises infrastructure and cloud environments.
• Demonstrated organizational and project management skills with ability to manage multiple initiatives simultaneously.
• Strong written and verbal communication skills for both technical and non-technical audiences.

Preferred Skills:

• Relevant certifications such as CISSP, CISM, CISA, Security+, AWS Security Specialty, or equivalent preferred.
• Experience developing executive-level dashboards and risk reports that clearly communicate compliance status, vulnerability trends, audit readiness, and overall security posture to senior leadership.
• Proven experience mentoring and coaching cybersecurity team members, including delivering formal or informal training and fostering skill development to improve team performance.

LOCATION: This position is full-time remote with travel as needed for special projects to the client site in Rockville, MD. There can also be opportunity to work from the customer site in Rockville, MD more regularly for those local to the area.