Senior ATO/A&A Subject Matter Expert

About The Position

Requirements

• Leads analysis of ACAS scan reports to identify, prioritize, and track application-level vulnerabilities, and coordinates remediation of STIG and ACAS findings with technical teams.
• Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for security findings that cannot be immediately remediated.
• Implements and maintains a continuous monitoring strategy under the Risk Management Framework (RMF), including control tailoring, assessment, tracking, and formal risk reporting to stakeholders.
• Serves as primary cybersecurity liaison, coordinating with the ISSM and other stakeholders to integrate cybersecurity requirements and security policy compliance throughout the system lifecycle.
• Conducts system compliance assessments and supports A&A/ATO activities, ensuring adherence to NIST SP 800-53 and NIST SP 800-37, and maintains PPSM documentation while reporting noncompliance findings.
• Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Information Technology, or related field
• Seven (7) years of experience supporting cybersecurity compliance, ISSO functions, information assurance, governance/risk/compliance (GRC), or related security activities.
• Public Trust clearance

Nice To Haves

• Be a positive, self-motivated, and proactive person with the ability to adapt to change and tolerate stressful situations
• Candidate must communicate effectively with team members, team lead, management, and government customer
• Must have the ability and desire to research and develop creative solutions to unique problems with minimal supervision
• Experience using the JCAM system

Responsibilities

• Leads the analysis of weekly Assured Compliance Assessment Solutions (ACAS) scan reports to identify and prioritize application-level vulnerabilities and drives remediation of Security Technical Information Guide (STIG) and ACAS findings by working directly with the technical team.
• Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for all open findings that cannot be immediately remediated.
• Implements and manages the continuous monitoring strategy, including tailoring, collecting, and reporting on all applicable Risk Management Framework (RMF) controls, and provides formal risk management status reports to the government.
• Serves as the primary cybersecurity liaison, coordinating with the Information System Security Manager (ISSM) and other stakeholders to review security policies and ensure cybersecurity is integrated throughout the program lifecycle.
• Ensures Ports, Protocols, and Services Management (PPSM) documentation is accurately maintained and updated.
• Conducts objective evaluations of system compliance against applicable security controls, standards, and procedures, and reports all noncompliance findings to the government.
• Applies extensive knowledge of security regulations and security assessments, including the development of numerous security Assessment and Authorization (A&A) packages and Authorizations to Operate (ATOs) for a variety of systems, including classified environments.
• Demonstrates strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37, with experience using the JCAM system preferred.