Cybersecurity A&A Subject Matter Expert

Magnus Management Group LLC
Remote

About The Position

We are seeking an experienced Cybersecurity Assessment & Authorization (A&A) Subject Matter Expert (SME) to support Department of Defense (DoD) cybersecurity programs. The A&A SME will lead Risk Management Framework (RMF) activities, support the Authorization to Operate (ATO) lifecycle, and provide expert guidance on cybersecurity compliance for complex enterprise environments, including traditional IT, cloud-hosted systems, operational technology (OT), applications, and outsourced IT services. The position requires expertise in NIST SP 800-53, DoD cybersecurity policies, and enterprise risk management.

Requirements

  • Minimum five (5) years of relevant experience in Assessment & Authorization (A&A), Certification & Accreditation (C&A), Risk Management Framework (RMF), and NIST cybersecurity compliance within a DoD environment.
  • Demonstrated experience conducting security control assessments and authorization reviews for large, complex organizations.
  • Strong knowledge of NIST SP 800-53, DoDI 8510.01, DoD RMF, continuous monitoring, and cybersecurity governance.
  • Excellent analytical, technical writing, communication, and briefing skills.
  • DoD 8570/8140 Baseline Certification – IAM Level III (e.g., CISSP, CISM, GSLC, or equivalent approved certification).

Responsibilities

  • Serve as the cybersecurity SME for Assessment & Authorization (A&A) and RMF activities.
  • Lead and support the development, review, and maintenance of RMF authorization packages, including SSPs, SARs, POA&Ms, and ATO documentation.
  • Assess security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements.
  • Evaluate vulnerabilities, determine residual risk, and recommend risk mitigation strategies to support authorization decisions.
  • Conduct security control assessments and continuous monitoring activities to maintain system authorization.
  • Support enterprise cybersecurity compliance for on-premises, cloud, and hybrid environments.
  • Advise Information System Owners (ISOs), ISSMs, ISSOs, engineers, and Authorizing Officials throughout the RMF process.
  • Prepare executive-level briefings and communicate cybersecurity risks, authorization status, and remediation recommendations to senior leadership.
  • Ensure compliance with DoD cybersecurity policies, DISA STIGs, and applicable federal security standards.

Benefits

  • 401(k)
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service