SME - Cyber Security - Security Control Assessor

Job Description

Galaxia Technologies Inc. is seeking a Subject Matter Expert (SME) - Cyber Security to rapidly advance the assessment and implementation of mission-critical systems. As a Cyber Security SME, you will provide expert guidance to enhance the organization's security posture, mitigate risks, and ensure compliance with industry standards. You will collaborate with cross-functional teams and leadership to assess and conduct gap analysis of innovative, scalable, and resilient security solutions.

Key Responsibilities:

• Conduct independent, in-depth evaluations of system security controls to ensure compliance and a strong cybersecurity hygiene.
• Serve as a technical expert on cybersecurity matters, providing guidance on risk management, threat mitigation, and compliance strategies.
• Oversee vulnerability assessments, penetration testing, and threat modeling to identify gaps/risks and recommend corrective actions.
• Evaluate and provide recommendations on security policies, frameworks, and standards aligned with NIST, ISO 27001, GDPR, and DoD RMF requirements.
• Collaborate with engineering, operations, and leadership teams to integrate security best practices into system and software development lifecycles (SDLC).
• Stay updated on emerging cybersecurity threats, technologies, and regulations to maintain a cutting-edge security strategy.
• Mentor and train team members on cybersecurity practices and tools.
• Present security assessment reports, recommendations, and metrics to senior leadership and stakeholders.

Required Skills and Qualifications:

• Bachelor’s degree in Cybersecurity, Computer Science, or a related field, and 15+ years of experience in cybersecurity architecture; or Master’s degree and 13+ years of experience.
• 15+ years of progressive experience as a cybersecurity engineer securing and assessing large scale/complex enterprise software efforts
• 5+ years of commercial industry experience with a proven track record of successfully securing and assessing complex enterprise software projects
• Advanced knowledge of threat analysis, vulnerability management, and incident response best practices.
• Knowledge reviewing the outputs from security tools, including SIEMs, firewalls, IDS/IPS, and endpoint protection solutions.
• Expert knowledge of security frameworks, compliance standards, and regulations (e.g., NIST, ISO 27001, GDPR, DoD RMF).
• Detailed understanding of and experience with identity and access management (IAM), encryption technologies, network/cloud security, and secure software development best practices.
• Proficiency in conducting threat modeling and risk analysis to identify and mitigate vulnerabilities.
• Expert problem-solving and analytical skills in addressing complex, large-scale security challenges.
• Excellent communication skills for engaging with leadership, stakeholders, development teams, and industry or academic communities.
• Ability to obtain and maintain a TS/SCI clearance and willingness to take a CI polygraph.

Highly Desired Qualifications:

• Certifications such as CISSP, CISM, CEH, GIAC, or CCSP.
• Experience securing government or defense-related systems and environments.
• Expertise in advanced threat detection, threat hunting, and forensic analysis.
• Knowledge of DevSecOps practices and integrating security into CI/CD pipelines.
• Familiarity with zero-trust architectures and AI-driven security technologies.
• Experience working in highly classified environments supporting the IC/DoD for operational missions

Pay Range:

$200,000 – $310,000 base compensation.

This range represents the good-faith estimate of the base compensation we expect to pay for this role at the time of hire. Actual compensation will depend on factors such as experience, qualifications, and geographic location. In addition to base compensation, we offer excellent benefits.

Our mission is clear: to harness deep technical expertise to lead with purpose and deliver outcomes that empower our clients to create globally impactful solutions. We are committed to building robust, scalable, user-friendly, and secure systems tailored to meet the distinct needs of each client.