Analysis Method: NICE Framework Mapping
Analysis of position description: (Analysis generated using: claude)
The Maritime Cyber Security SME provides expert guidance on maritime cybersecurity policies, compliance, and risk management for the Maritime Administration (MARAD). Key responsibilities include supporting IT/OT cybersecurity for MARAD programs, overseeing security control implementations, and managing compliance activities.
4/9/25, 11:15 AM
Maritime Cyber Security SME - Federal Careers
1/5
�
6
x
Maritime Cyber Security SME
Washington, DC, United States (Remote)
JOB DESCRIPTION
Maritime Cybersecurity SME
This position requires U. S. Citizenship and an active
Public Trust clearance or the ability to obtain a Public
Trust clearance to be considered.
We are seeking a Cyber Security Subject Matter Expert
(SME) to support the Maritime Administration (MARAD)
within the U.S. Department of Transportation. The SME
will play a critical role, serving as an authoritative resource
relative to maritime cybersecurity policy development,
compliance, and cybersecurity program enhancement.
This position requires close collaboration with MARAD,
interagency partners, and the maritime industry to
strengthen cybersecurity initiatives.
Maritime Cybersecurity SME Responsibilities Include:
Manage Preferences
Provide expert guidance on maritime cybersecurity
policies, compliance, and risk management.
4/9/25, 11:15 AM
Maritime Cyber Security SME - Federal Careers
2/5
This page uses cookies. Please review our cookie policy.
Maritime Cybersecurity SME Experience, Education,
Skills, Abilities requested:
10+ years of experience in cybersecurity, with expertise
in maritime/vessel cybersecurity, IT/OT security, and
federal cybersecurity policies.
Strong knowledge of NIST RMF, NIST Cybersecurity
Framework (CSF), FISMA, and U.S. Coast Guard and
Skip to main content.
4/9/25, 11:15 AM
Maritime Cyber Security SME - Federal Careers
3/5
International Maritime Organization cybersecurity requirements.
Experience with Continuous Diagnostics and Mitigation (CDM), Information
Security Continuous Monitoring
(ISCM), and Identity, Credential, and Access Management (ICAM).
Proven ability to lead cybersecurity assessments,
compliance audits, and risk management activities. Understanding of the
principles, methods, and tools of quality assurance and quality control used to
ensure a product fulfills functional requirements and standards. Proficiency in
Microsoft Office Suite, Power BI, Tableau, and SharePoint.
Certifications:
Required: CISSP or CISM
Preferred: CompTIA Network+, Security+, Certified Information Privacy Manager
(CIPM), CEH
Must pass pre-employment qualifications of
JOB INFO
Job Identification
28299
Job Category
Engineering
Posting Date
03/21/2025, 11:51 AM
Apply Before
04/13/2025, 09:00 PM
Degree Level
Bachelor's Degree
Job Schedule
Full time
Job Shift
Day
Locations
4/9/25, 11:15 AM
Maritime Cyber Security SME - Federal Careers
4/5
Skip to main content.
(Remote)
Regular or Temporary
Regular
4/9/25, 11:15 AM
Maritime Cyber Security SME - Federal Careers
5/5
This page uses cookies. Please review our cookie policy.
Manage Preferences
Generated by CHRIS (Cybersecurity Human Resource Intelligence System)
Each resource is assigned a relevance score (0-1) based on:
Found 5 relevant resources with a relevance score above 0.30:
This module focuses on the relationship between threats and vulnerabilities and on the trade-offs that must be considered to effectively manage risk. It describes common system threats and attacks and the actors/agents that would perform them. It addresses mechanisms that can be implemented to secure systems. A discussion on ethical issues relating to vulnerability management is provided.
Divided into 3 Micromodules
Primary Learning Objective
The student will be able to identify basic security concepts and concerns, including risks, threats, and vulnerabilities; be able to describe the tradeoffs associated with securing a system; be able to recognize common threats to network security and associated security controls to manage those threats; and be able to explain ethical issues associated with vulnerability management.
Online Interactives: https://www.cssia.org/interactives/
This course is intended for undergraduate students in information technology majors to study cybersecurity fundamentals with “hands-on” learning.
The course examines the study of planning and managing cybersecurity within a TCP/IP network environment. This is a case-study based course. Cases come from recent real-life cybersecurity breaches or exploits. Students look into case details and learn how these breaches could have been prevented.
The course has the following 18 submodules:
8 subject modules:
Module 1: Dissecting Recent Cyber Breaches
Module 2: Email Security
Module 3: Web Security
Module 4: Network Security and DDoS Attacks
Module 5: Access Control
Module 6: Firewall and IDS
Module 7: Cryptography
Module 8: Malware
10 case study modules:
Module 9: Target Breach
Module 10: Anthem Breach
Module 11: DDoS Attacks
Module 12: IoT DDoS Attacks
Module 13: OpenSSL Heartbleed
Module 14: Equifax Breach
Module 15: Password Management
Module 16: Business Hacking
Module 17: CPU Meltdown
Module 18: WannaCry
This module covers how to control risk to the network through appropriate remediation techniques. It introduces the concept of the Security Design Life Cycle (SDLC) and the importance of building security in at initiation, rather than “bolting” it on afterwards. In ICS and other SCADA systems, this may not be possible. Foundation guidelines and policies for controlling risk and personnel behavior will be addressed. An enumeration of network protection systems will be provided, including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS).
The module discusses the importance of digital signatures to providing device authentication, and how vulnerabilities specific to ICS systems relate to remediation techniques. Additionally, it covers common vulnerabilities found in ICS systems and techniques to identify vulnerabilities, as well as remediation techniques.
Students will be able to list and describe the security principles of least privilege, complete mediation, separation of privilege, fail-safe, deny-by-default, and open design. They will be able to identify the use and discuss the implications of using these principles in each scenario. Additionally, students will be able to identify violations of these principles in a given scenario. They will also be able to describe the cost and usability tradeoffs associated with designing security into a product with respect to these principles. This micromodule includes a presentation and a lab.
The CISA Threat Sandbox Challenges are a collection of hands-on experiences based on entries from the CISA Known Exploited Vulnerability (KEV) Catalog that provide students the opportunity to learn the tools, techniques, and procedures (TTPs) needed to show competency in exploiting and mitigating KEVs. For additional information, please visit the official XP Cyber blog post: Introducing the CISA Threat Sandbox Challenges!
In this CISA Threat Sandbox Challenge, the participant will act as a Cyber Operator to complete the following:
Your mission in this CISA Threat Sandbox Challenge is to learn about CVE-2018-7600, a dangerous remote code execution (RCE) vulnerability sometimes referred to as Drupalgeddon2, and then exercise that knowledge along with your offensive and defensive cyber skills. You will be provided with real-world, authoritative reference materials that cover details critical to understanding the offensive and defensive angles of this CVE. After learning about the CVE, you will be asked to complete two technical objectives, one red team (offensive) and one blue team (defensive), related to the CVE:
All exploit code and software packages required to complete these objectives will be provided within the workspace.
Only Available via the XP Cyber Range
The CISA Threat Sandbox Challenges is a collection of challenges within the XP Cyber Workforce Challenges Catalog, which is comprised of hands-on, real-world cybersecurity scenarios designed to bring the cyber workforce experience to students before they enter the workforce. The challenges are available through the XP Cyber Range, where educators and students from U.S.-based educational institutions can attempt challenges with only a desktop-class web browser and internet connection.
To learn more about the XP Cyber Range and sign up for US Educator Range Access, visit the official XP Cyber Website.