Job Summary
We are seeking an experienced Cybersecurity Assessment & Authorization (A&A) Subject Matter Expert (SME) to support Department of Defense (DoD) cybersecurity programs. The A&A SME will lead Risk Management Framework (RMF) activities, support the Authorization to Operate (ATO) lifecycle, and provide expert guidance on cybersecurity compliance for complex enterprise environments, including traditional IT, cloud-hosted systems, operational technology (OT), applications, and outsourced IT services. The position requires expertise in NIST SP 800-53, DoD cybersecurity policies, and enterprise risk management.
Key Responsibilities
- Serve as the cybersecurity SME for Assessment & Authorization (A&A) and RMF activities.
- Lead and support the development, review, and maintenance of RMF authorization packages, including SSPs, SARs, POA&Ms, and ATO documentation.
- Assess security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements.
- Evaluate vulnerabilities, determine residual risk, and recommend risk mitigation strategies to support authorization decisions.
- Conduct security control assessments and continuous monitoring activities to maintain system authorization.
- Support enterprise cybersecurity compliance for on-premises, cloud, and hybrid environments.
- Advise Information System Owners (ISOs), ISSMs, ISSOs, engineers, and Authorizing Officials throughout the RMF process.
- Prepare executive-level briefings and communicate cybersecurity risks, authorization status, and remediation recommendations to senior leadership.
- Ensure compliance with DoD cybersecurity policies, DISA STIGs, and applicable federal security standards.
Minimum Qualifications
-
Experience: Minimum five (5) years of relevant experience in Assessment & Authorization (A&A), Certification & Accreditation (C&A), Risk Management Framework (RMF), and NIST cybersecurity compliance within a DoD environment.
- Demonstrated experience conducting security control assessments and authorization reviews for large, complex organizations.
- Strong knowledge of NIST SP 800-53, DoDI 8510.01, DoD RMF, continuous monitoring, and cybersecurity governance.
- Excellent analytical, technical writing, communication, and briefing skills.
Education
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field (or equivalent experience, if permitted by contract).
Certifications
Required: DoD 8570/8140 Baseline Certification – IAM Level III (e.g., CISSP, CISM, GSLC, or equivalent approved certification).
This is a remote position.