Cybersecurity Assessment & Authorization SME

Nationwide IT Services | Fort Belvoir, VA
Hybrid

About The Position

Serves as a cybersecurity Subject Matter Expert (SME) regarding Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Possesses an understanding of how the security controls identified in NIST SP 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure, such as DLA’s, which comprises large and small enclaves, AIS applications, and outsourced IT processes.

Requirements

  • Ten (10) years of relevant Risk Management Framework (RMF) and NIST A&A experience
  • DOD cybersecurity experience
  • Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
  • Strong research, analytical, and problem-solving skills
  • Strong understanding of DoD cybersecurity requirements, including documenting and developing artifacts for STIGs, TCG configuration guides, IAVMs, and Task Orders
  • Exceptional ability to develop, maintain, and validate RMF artifacts and cybersecurity documentation
  • Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platforms
  • Experience producing detailed analytics and trend reports using data from vulnerability scanners, configuration tools, and security platforms to support decision-making and inspection readiness
  • Excellent written and verbal communication skills, including the ability to brief leadership and produce clear documentation
  • Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes.
  • Knowledgeable in the cybersecurity of emerging technology areas such as Cloud, information technology (IT), Industrial Control Systems (ICSs), or Operational Technology (OT) infrastructures.
  • Required to possess a DOD SECRET Clearance and be eligible for an IT-II Non-Critical Sensitive Security clearance or Tier 3 (T3) upon assignment.
  • Required Training Certifications: ACAS, Tanium
  • Computing Environment: DLA-approved CE (D Account Access)
  • Current Requirement: DOD 8570 - IAT 3
  • Future Requirement: DOD 8140
  • Proven ability to work independently and collaboratively with minimal oversight
  • Ability to generate clear, accurate, and audit-ready cybersecurity reports, including vulnerability summaries, compliance status updates, and risk findings for technical and leadership audiences

Responsibilities

  • Updates and tracks POA&M entries by documenting findings, logging remediation actions, and keeping milestone dates current to ensure issues move toward closure.
  • Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
  • Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization.
  • Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

Benefits

  • medical, dental, and vision insurance
  • life and disability insurance
  • a 401(k) plan with employer match
  • paid holidays
  • PTO (sick/vacation)
  • commuter benefits
  • employee assistance program (EAP)
  • educational reimbursement
  • pet insurance