Cyber Security SME

About The Position

Requirements

• 5+ years of progressive experience in cybersecurity, with at least 3 years supporting federal ATO/ATC processes.
• In-depth knowledge of NIST RMF, FedRAMP, and Zero Trust Architecture frameworks.
• Experience collaborating with ISSOs, ISSMs, SCAs, and engineering teams.
• Familiarity with AWS cloud environments and DevSecOps pipelines.
• Strong technical understanding of network security, IAM, encryption, and vulnerability management.
• Excellent communication and coordination skills.
• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Must have a current TS/SCI
• A Bachelor's degree in Computer Science, Information Systems, or a related field is required for this position

Nice To Haves

• CISSP, CISM, CAP, or equivalent cybersecurity certification.
• Experience with containerized applications, infrastructure as code (IaC), and continuous compliance tools.

Responsibilities

• ATO/ATC Support: Lead and coordinate efforts to obtain and maintain ATO/ATC for production systems, ensuring compliance with applicable security frameworks.
• Collaboration Across Teams: Partner with Development, Cloud, and DevSecOps teams to integrate security throughout the SDLC and CI/CD pipelines, ensuring secure-by-design implementations.
• Architecture & CONOPS Coordination: Review and contribute to system architectures, data flows, and Concept of Operations (CONOPS) documents to ensure alignment with Zero Trust principles and organizational security policies.
• Security Findings Management: Support and track the remediation of vulnerabilities and deficiencies identified through scans, assessments, and audits; create and manage Plans of Action & Milestones (POA&Ms) as required.
• Cybersecurity Standards Development: Develop and maintain enterprise cybersecurity standards, guidelines, and best practices to ensure consistent implementation of security controls across all program systems.
• Continuous Monitoring: Support ongoing assessment and authorization (A&A) activities, including risk assessments, configuration management, and continuous monitoring reporting.
• Zero Trust Implementation: Guide teams in applying Zero Trust Architecture (ZTA) principles—identity-centric access control, micro-segmentation, least privilege, and continuous validation—to all system designs and processes.