Compliance / Security Engineer TS SCI

Aperio Global•Fort Meade, MD

1d•$200,000 - $220,000

About The Position

We are seeking a highly experienced Compliance / Security Engineer to lead Authorization to Operate (ATO) and Interim Authority to Test (IATT) workstreams within a high-security DoD program environment. This dedicated role is embedded directly with the program team and requires an expert-level practitioner capable of operating across classification boundaries. The ideal candidate brings deep practical experience operationalizing security frameworks in deployed, classified environments.

Requirements

Active TS/SCI clearance (no exceptions).
5+ years of hands-on experience leading ATO/IATT workstreams in DoD or IC environments.
Expert-level knowledge of NIST Risk Management Framework (RMF) — SP 800-37, SP 800-53, and related publications.
Demonstrated experience operationalizing DISA STIGs across Linux, Windows, and network infrastructure.
Working knowledge of Cross-Domain Solutions (CDS) architecture, accreditation, and operational requirements.
Proficiency with eMASS or equivalent DoD authorization tools.

Nice To Haves

CISSP, CAP (Certified Authorization Professional), or equivalent DoD 8570/8140 IAM Level III certification.
Experience supporting DISA programs or working within the DISA RMF process directly.
Familiarity with cloud-based deployment environments (AWS GovCloud, Azure Government) and associated security frameworks.
Experience with zero-trust architecture concepts and implementation in classified environments.

Responsibilities

Lead end-to-end ATO and IATT workstreams, coordinating with government stakeholders, ISSOs, and program leadership to ensure timely authorization milestones.
Operationalize DISA STIGs across system components; develop and maintain STIG checklists, deviation requests, and risk acceptance documentation.
Map security controls to deployment architectures, ensuring continuous compliance alignment with NIST RMF steps (Categorize → Authorize → Monitor).
Design and support Cross-Domain Solutions (CDS) implementations; liaise with accreditation authorities for cross-domain data transfer approvals.
Develop, review, and maintain System Security Plans (SSP), Security Assessment Reports (SAR), Plans of Action & Milestones (POA&M), and related RMF artifacts.
Conduct continuous monitoring activities and coordinate vulnerability remediation with engineering teams.
Interface directly with DISA and other DoD oversight bodies throughout the authorization lifecycle.