Responsibilities
- Act as the primary technical expert for Risk Management Framework (RMF) cybersecurity evaluations and system authorization planning.
- Create and revise System Security Plans (SSPs) as part of RMF compliance documentation.
- Create and revise Security Control Traceability Matrices (SCTMs) to align security controls with requirements.
- Create and revise Configuration Management Plans to ensure system integrity.
- Create and revise Incident Response Plans to address potential cybersecurity events.
- Create and revise Continuous Monitoring (CONMON) Plans for ongoing system oversight.
- Create and revise Plans of Action and Milestones (POA&Ms) and Security Assessment Reports (SARs).
- Support Interim Authority to Test (IATT), Authority to Connect (ATC), and Authority to Operate (ATO) processes by collaborating with engineering teams and Authorizing Officials.
- Conduct system-wide assessments of security controls based on NIST SP 800-53 and verify overall security posture.
- Analyze risks from external system connections and assist in ATC approvals through boundary protection design.
- Perform vulnerability and compliance assessments using tools like ACAS, Tenable Security Center, STIG Viewer, and Evaluate STIG.
- Collaborate with development and infrastructure teams to establish, verify, and sustain secure system configurations.
- Manage and improve continuous monitoring procedures, gather performance data, track identified issues, and coordinate with ISSMs and stakeholders.
- Prepare and maintain cybersecurity documentation necessary for accreditation submissions.
- Provide input on security implications of configuration changes, software releases, or system updates.
Benefits
- Comprehensive medical, dental, and vision insurance coverage
- Paid time off for vacation and personal use
- 401(k) retirement savings plan
- Life insurance protection
- Flexible work hours to support work-life balance
- Paid holidays aligned with personal and professional needs
Work Arrangement
Hybrid
Other
- A current Secret security clearance is mandatory for this role.
- The job will remain open for at least 3 days and typically up to 30 days, or until a suitable candidate is hired or the position is withdrawn.
- The company is an equal opportunity employer and considers all qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, or other protected characteristics.
