Assess and Authorize (A&A) Analyst

Foxhole Technology•Smryna, GA

6d•Remote

About The Position

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise – across the organization and around the world. The Assess & Authorize (A&A) Analyst supports a DoD customer Cybersecurity Assess & Authorize function to ensure information systems and technologies are assessed and authorized by the Authorizing Official (AO) prior to introduction and operation on the network. This role provides Information System Security Officer (ISSO)-equivalent support by executing the DoD Risk Management Framework (RMF) in accordance with DoDI 8510.01, NIST SP 800-37, and NIST SP 800-30, and by developing and managing authorization packages and continuous monitoring artifacts in eMASS. The analyst supports multiple system authorizations and contributes to cybersecurity reporting and metrics, including maintaining network connection approvals via SNAP.

Requirements

Active Secret security clearance
3-7 years of relevant cybersecurity / RMF / A&A experience
Core Tools and Knowledge : eMASS, DoDI 8510.01, NIST SP 800-37, NIST SP 800-30
DoD IAM Level III certification (one of the following): CISM, CISSP (or Associate), GSLC,CCISO

Responsibilities

Execute RMF activities and provide ISSO / ISSO-equivalent A&A support for assigned systems across the system lifecycle (assessment, authorization, operations, and continuous monitoring).
Support multiple Authorization to Operate (ATO), Authorization to Use (ATU), and Assess Only packages annually (approximately seven (7) authorization packages per year).
Develop, maintain, and submit complete RMF Executive Packages for each authorization, including: System Security Plan (SSP) Security Assessment Report (SAR) Risk Assessment Report (RAR) Plan(s) of Action and Milestones (POA&M) Authorization Decision Document
Register systems within the Enterprise Mission Assurance Support Service (eMASS) and use eMASS to support and automate RMF documentation, workflows, and reporting.
Manage and maintain system authorization artifacts in eMASS, ensuring accurate documentation of: Security controls and implementation status. Inheritance and shared control relationships. Risk posture and supporting evidence. POA&M creation, updates, and tracking. Authorization status and lifecycle updates.
Coordinate with system owners, ISSMs, assessors, engineers, and AOs to support: Assessment planning and execution. Remediation and risk mitigation activities. Risk acceptance decisions and authorization outcomes. Ongoing continuous monitoring activities.
Register and maintain all system/application connections in the Systems Network Approval Process (SNAP).
Produce and deliver monthly and annual SNAP registration metrics.
Support cybersecurity compliance, audit readiness, and reporting to ensure systems and technologies remain in an approved security posture.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume