Open Security Controls Assessment Language (SME) (TS/SCI)

Koniag Government Services, LLC | Washington, DC
45d | Hybrid

About The Position

Koniag IT Systems, a Koniag Government Services company, is seeking an Open Security Controls Assessment Language SME with an active TS/SCI to support KITS and our government customer at the Mark Center, Alexandria, VA. This is a hybrid opportunity that requires 1-4 days of onsite work. We offer competitive compensation and an extraordinary benefits package including health, dental, and vision insurance, 401K with company matching, flexible spending accounts, paid holidays, three weeks paid time off, and more.

We are seeking an experienced Open Security Controls Assessment Language (OSCAL) Subject Matter Expert (SME) to support the design, implementation, and optimization of automated security compliance and risk management solutions. The OSCAL SME will play a critical role in advancing our cybersecurity compliance initiatives by enabling machine-readable security documentation, enhancing interoperability, and streamlining authorization processes across multiple federal frameworks.

Requirements

  • TS/SCI security clearance required.
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field (or equivalent work experience).
  • 15+ years of experience in cybersecurity compliance, security assessment, or risk management.
  • Hands-on expertise with OSCAL schema, XML/JSON/YAML, and associated validation tools.
  • Deep knowledge of NIST frameworks (NIST SP-800-53 Rev. 5, NIST SP-800-37 Rev. 2 RMF, NIST Cybersecurity Framework [CSF 2.0]) and federal compliance standards (e.g., FedRAMP, FISMA, DoD RMF [DoDI 8510.01]).
  • Experience with cybersecurity documentation automation and Governance, Risk, and Compliance (GRC) platforms.
  • Excellent communication and technical writing skills.
  • Ability to work on-site 1-4 days a week.

Nice To Haves

  • Experience contributing to or collaborating with the NIST OSCAL community.
  • Familiarity with DevSecOps pipelines, CI/CD automation, and security-as-code practices.
  • Understanding of cloud service provider (CSP) compliance processes (AWS, Azure, GCP, etc.).
  • Active security certification (e.g., CISSP, CISM, CAP, CCSP).

Responsibilities

  • Serve as the technical expert for OSCAL adoption, implementation, and integration within federal compliance programs (e.g., FedRAMP, NIST RMF, DoD).
  • Develop, validate, and maintain OSCAL-based artifacts, including system security plans (SSPs), assessment plans, assessment results, and POA&M packages.
  • Provide guidance on mapping security controls to OSCAL models and ensuring alignment with NIST standards.
  • Support automation of ATO/authorization workflows by integrating OSCAL with governance, risk, and compliance (GRC) tools.
  • Collaborate with system owners, security assessors, and compliance teams to improve efficiency in security control assessment and reporting.
  • Deliver training, documentation, and best practices to internal teams and customers on OSCAL adoption.
  • Provide support and recommendations for the Department of Defense OSCAL standards development.
  • Stay current with OSCAL federal policy changes and industry adoption trends.

Benefits

  • health insurance
  • dental insurance
  • vision insurance
  • 401K with company matching
  • flexible spending accounts
  • paid holidays
  • three weeks paid time off

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

1,001-5,000 employees
