Information Security Subject Matter Expert (SME)

ABOUT NOOKS

Are you seeking an exciting and unique opportunity to grow and support our national security? As a startup, we are offering a limited-time opportunity to be an equity owner in a pioneering new industry. Nooks is pioneering Classified Infrastructure-as-a-Service (CIaaS) to provide government and industry partners with the fastest, most efficient access to classified infrastructure. We are building a nationwide network of accredited classified spaces and systems, ensuring that the best technologies equip our nation’s warfighters. At Nooks, we value innovation, collaboration, and a service-first mindset.

ABOUT THE ROLE

We are seeking a highly specialized and experienced Information Security Subject Matter Expert (SME) to manage, lead, and administer the information security program for Sensitive Compartmented Information (SCI) systems and networks across the entire US Space Force classified enterprise. This critical role is dedicated to protecting SCI data from unauthorized access, compromise, disruption, modification, or destruction.

The SME will serve as the authoritative Information Security resource for the HQ Special Security Officer (SSO) and Information System Security Manager (ISSM). The role involves providing expert guidance on system security planning, compliance with ICD 503 and CNSSI 1253, incident response, and continuous monitoring of classified IT infrastructure.

KEY RESPONSIBILITIES:

1. System Security Planning and Compliance

• Regulatory Oversight: Serve as the Subject Matter Expert for all regulations pertaining to SCI Information Security, including ICD 503 (Security for Information Systems), CNSSI 1253, and relevant DoD/AFMAN directives.
• Vulnerability Management: Proactively identify system security vulnerabilities and provide expert recommendations for corrective actions and the implementation of appropriate security controls.
• Policy and Procedure Development: Lead the development, implementation, and maintenance of comprehensive security policies, procedures, and guidelines for SCI systems and networks across the enterprise.
• Risk Management Framework (RMF): Support the RMF process by ensuring security controls are properly implemented, documented, and assessed to maintain system Authority to Operate (ATO).

2. Incident Response and Operations

• Incident Response Leadership: Lead and participate in all security incident response activities, including the identification, containment, eradication, and recovery from security incidents impacting SCI systems.
• SOP Development: Develop and maintain detailed Standard Operating Procedures (SOPs) for security incident instigation, mitigation, and reporting activities.
• Coordination: Coordinate incident response and forensic activities with the ISSM, SSO, command leadership, law enforcement, and other government agencies as required.
• Monitoring and Reporting: Stay up-to-date on the latest security threats, vulnerabilities, and technologies to inform defensive strategies.

3. Content Review and Security Awareness

• Security Awareness and Training: Develop and deliver advanced security awareness training programs to educate personnel on their information security responsibilities. Conduct initial and recurring security briefings for personnel with access to SCI systems and networks.
• Prepublication Reviews: Develop and manage SOPs for pre-publication reviews of classified information. Serve as a liaison between the requestor and Subject Matter Experts to ensure timely and compliant reviews are completed.
• Classification Management: Serve as a liaison between requestors and Subject Matter Experts to ensure accurate classification level reviews are completed. Maintain the repository of applicable SCI Security Classification Guides (SCGs).

4. Compliance, Audits, and Liaison

• Audits and Inspections: Lead and coordinate internal self-inspections and serve as the Information Security expert during external government compliance audits and inspections (e.g., DCSA, customer-led) across all USSF sites.
• Compliance Reporting: Prepare and submit required security reports. Maintain accurate records of security incidents, investigations, and compliance activities.
• Collaboration: Work closely with the SSO, Physical Security SME, and Personnel Security SME to ensure a unified and comprehensive security posture.

THE SKILLSET:

• Experience: Minimum 10 years of dedicated professional experience in Information Security, with a significant focus on SCI security and networks within the U.S. Defense Industrial Base or Intelligence Community.
• Clearance: Must possess and maintain an Active Top Secret (TS) / Sensitive Compartmented Information (SCI) eligibility security clearance. U.S. Citizenship is required.
• Regulatory Expertise: Expert-level, current knowledge of U.S. government Information Security regulations, specifically ICD 503 and CNSSI 1253.
• Technical Knowledge: Strong understanding of information security principles, network security protocols, cloud security principles, and expertise with operating systems such as Windows and Linux.
• Skills: Excellent communication, problem-solving, and analytical skills. Proven ability to handle sensitive information with discretion and maintain confidentiality.

PREFERRED QUALIFICATIONS:

• Education: Bachelor's degree in Computer Science, Information Systems, or a related field.
• Certification: Current security certification such as Security Professional Education Development (SPeD) or CISSP (Certified Information Systems Security Professional).
• Experience: Direct, embedded experience supporting a US Space Force or other Combatant Command Special Security Office (SSO) with direct responsibility for secure networks.

This position requires the ability to travel to USSF and partner facilities, work in Sensitive Compartmented Information Facilities (SCIFs), and involves physical requirements such as climbing stairs/ladders or working in confined spaces to complete facility inspections and assessments.

This employment offer is contingent upon continued funding of the underlying government contract. Should the contract be modified, or terminated, or if funding is reduced or eliminated, the employer reserves the right to adjust or rescind the offer accordingly.