Project-Manager-Cybersecurity-Sample-Job-Description (Word document)
Note: This sample job description is provided as an example only. Each section should be carefully updated to reflect your specific requirements prior to being copied and pasted into a GOVPROP job profile.
- Technical and operational management of the program team consisting of company employees, subcontract staff, and expert product consultants, responsible for all aspects of program delivery
- Develop, cultivate, and manage relationships with the client and to keep the program delivering as scheduled and budgeted
- Obtain and monitor commitments for tasks/deliverables from persons or groups within and outside of the program team.
- Create comprehensive program tools and documentation including client deliverables (monthly status reports, staffing plans, WBS, PMP, IMS, Risks and acquisition management plans), and closely managing the program team to successful completion, evaluating program, project, and task-level schedule variances, proactively managing serge requirements, updating project schedules as contributing factors change, managing resource allocation, and evaluating, documenting, and monitoring risks and implementing risk mediation plans.
- Conducting program team meetings, tracking issues, decisions, action items, and following-up between meetings to drive issues to closure.
- Project Charter
- Project management approach or strategy
- Scope Statement
- Project objectives
- Project deliverables
- Work Breakdown Structure (WBS)
- Cost estimates, schedule and responsibility assignments for deliverables
- Measurement baselines for scope, schedule and cost
- Major milestones, reviews and target dates
- Required staff
- Quality assurance and control
- Configuration management and control
- Risk management
- IT, facilities and security plans
- Action plans
Job Out of Scope Items:
- Proposal management
- Capture management
- Proposal pricing
- Final Top Secret clearance with eligibility for SCI access (no exceptions)
- Bachelor’s Degree in an IT-related field
- PMP certification is preferred
- 15+ years of progressive cyber security experience inclusive of:
- 5+ years of Program and Project Management experience including specialized experience in managing highly-technical teams of 15+ individuals, and
- 8+ years of experience and proven success as a Cyber Security Engineer performing advanced cyber security services as described
- Experience managing very high visibility, high impact Cyber Security projects
- Proven knowledge and experience in managing projects in support of Federal government customers
- Expertise in consulting with clients to define needs and issues, developing requirements, and analyzing findings to advise and recommend solutions to clients
- Superior interpersonal, communication, presentation, and writing skills.
- Expertise working directly with executive and senior-level clients
- Proven ability to effectively manage multiple work streams, competing requirements and multiple schedules and to facilitate coordination and reconciliation between different stakeholders with the aim of delivering a comprehensive solution that meets and exceeds expectations
A qualified candidate will have extensive hands-on experience and deep familiarity with the following concepts and a vast majority of the following tools.
- Intrusion detection and prevention
- Security Information and Event Management (SIEM)
- Capture, analysis, and security storage of network payload data; deep network packet inspection
- Analytic visualization, investigation, discovery of and response to malicious activity
- Advanced malware analysis and reverse engineering
- Development of comprehensive security-based requirements and SRTMs
- Design and development of security reference architectures
- Advanced security assessment (hardware, software, source code, open source and other components)
- Comprehensive security assessment
- Personnel and physical security
- Source code assessment including input validation and representation, API abuse, code quality. Tools: Fortify, Breakman, RATS, Checkmarx
- Application Assessment including authentication mechanisms, SQL injection, fuzzing, parameter pollution. Tools: WebInspect, Acunetix, Burp Suite, IDA Pro, Remnux
- Network Device assessment including configuration (DISA STIGs), firmware compliance, and access controls.
- Database assessment including configuration, access controls, patch compliance and pen testing. Tools: AppDetective, Nessus, Nexpose
- Middleware assessment including configuration, patch compliance and user rights. Tools: Metasploit, Nessus, Nexpose, Core Impact