Cybersecurity Assessment & Authorization SME

Cybersecurity Assessment & Authorization SME

Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes. Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization. Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

Key Responsibilities

• Assessment & Authorization (A&A): Perform or advise on the RMF process for authorizing DoD information systems, including preparing and reviewing authorization packages
• Security Control Evaluation: Apply NIST 800-53 controls to assess compliance in large-scale IT infrastructures with multiple enclaves, AIS applications, and outsourced IT
• Vulnerability Analysis: Identify, assess, and determine the severity of vulnerabilities (e.g., non-compliant controls) and their impact on system authorization status
• POA&M Management: Develop, track, and update Plan of Action and Milestone Plans (POA&Ms) for remediation of control deficiencies
• Stakeholder Briefings: Present RMF progress, risk posture, and authorization status to senior management and technical teams
• Policy & Process Support: Ensure cybersecurity documentation, procedures, and processes align with DoD policies and enterprise standards
• Collaboration: Work with system owners, cybersecurity teams, and government representatives to resolve security findings and apply STIGs
• Emerging Tech Expertise: Support cybersecurity for cloud environments, Industrial Control Systems (ICS), Warehouse Execution Systems (WES), and Operational Technology (OT)

Typical Daily Tasks

• Run and analyze system/software scans for vulnerabilities.
• Coordinate with Information System Security Managers (ISSMs) on vulnerability management.
• Support Agile release processes with embedded testers.
• Review and move issues through the authorization process.
• Generate audit-ready reports on compliance, risk, and remediation status

Basic Qualifications

• Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience
• DOD cybersecurity experience
• Must have IA Level III Certification to meet 8140 compliance
• Must have a SECRECT Clearance and be able to obtain or currently possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3)
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
• Experienced in the general tenets supporting the overall DOD implementation of its
• authorization process, to include supporting cybersecurity policy, procedures, and processes.
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures.
• Undergraduate Degree Preferred.