Cybersecurity Assessment and Authorization SME

About The Position

Requirements

• Demonstrated DoD cybersecurity experience with strong understanding of DoD cybersecurity requirements, policies, procedures, and authorization processes supporting complex enterprise environments.
• Proven experience assessing security controls and conducting authorization reviews for large, complex organizations, including supporting Risk Management Framework (RMF) activities and artifact development.
• Advanced knowledge of cybersecurity documentation and artifacts, including STIGs, technical configuration guides (TCGs), IAVMs, Task Orders, and comprehensive RMF package development, maintenance, and validation.
• Experience identifying, documenting, tracking, and updating POA&M items, including remediation actions, milestone management, and vulnerability resolution to ensure audit readiness and closure.
• Strong analytical, research, and problem-solving skills with proficiency in data analysis and reporting tools such as Microsoft Excel, Access, Power BI, and Power Platform to produce vulnerability, compliance, and risk analytics.
• Excellent communication skills with ability to generate audit-ready cybersecurity reports, deliver briefings to leadership, and support decision-making across emerging technology environments including Cloud, IT, ICS, and OT systems.
• Ten (10) years relevant experience with Risk Management Framework (RMF) and NIST A&A
• IAT III or higher certification
• ACAS training module/course completion
• Tanium training module/course completion
• DLA approved Computing Environment certification
• Minimum Clearance Secret

Nice To Haves

• Be a positive, self-motivated, and proactive person with the ability to adapt to change and tolerate stressful situations
• Candidate must communicate effectively with team members, team lead, management, and government customer
• Must have the ability and desire to research and develop creative solutions to unique problems with minimal supervision

Responsibilities

• Serves as a cybersecurity Subject Matter Expert (SME) for the Assessment and Authorization (A&A) of information systems, ensuring compliance with all applicable cybersecurity policies, standards, and procedures.
• Executes Department of Defense (DoD) cybersecurity processes, either leading system authorization efforts or providing expert guidance to systems undergoing authorization.
• Applies in-depth knowledge of NIST SP 800-53 security controls to assess and authorize complex enterprise environments composed of diverse infrastructures, including large and small enclaves, applications, and outsourced IT services.
• Evaluates identified vulnerabilities, determines their severity, and analyzes their potential impact on system authorization status.
• Provides clear, concise briefings to senior leadership on Risk Management Framework (RMF) progress, findings, and authorization outcomes, supporting informed decision-making and risk management.