DOJ - Sr. ATO SME -

About The Position

Requirements

• Active Public Trust clearance
• 7+ years of experience in IT Project Management in both Waterfall and Agile environments.
• 7+ years of experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise data bases leading to successful certification and accreditation or security authorization of such systems.
• 7+ years of experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
• 7+ years of IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security A&A and ATO on a range of systems including classified systems.
• Minimum of one of the following certifications: CISA, CRISC, CISSP, CAP

Nice To Haves

• Strong working knowledge with NIST Special Publications, NIST 800-53 for security control selection and NIST SP 800-37 SA using JCAM system is preferred.

Responsibilities

• Serves as senior technical practitioner executing RMF tasks and supporting Lead ATO SME decision-making.
• Executes assigned RMF activities and provides technical input and recommendations to the Lead.
• Participates in stakeholder meetings and supports AO and SCOP interactions as directed by the Lead.
• Performs system preparation activities (asset identification, boundary support, risk inputs, JCAM entries).
• Performs data entry, validation, and updates within JCAM.
• Develops system descriptions, performs CIA impact analysis, and prepares categorization documentation.
• Supports IPAs, PIAs, and privacy documentation development.
• Selects baseline controls, supports control mapping, and documents control selections in JCAM.
• Documents control tailoring rationale and updates SSPP artifacts.
• Supports development and maintenance of ISCM plans and artifacts.
• Documents implemented controls, updates SSPP, and supports compensating control documentation.
• Supports documentation and validation of automated control implementations.
• Executes or supports control assessments and develops assessment evidence.
• Drafts SARs, updates JCAM assessment artifacts, and supports evidence collection.
• Develops, updates, and tracks POA&Ms.
• Assembles authorization artifacts and supports risk analysis documentation.
• Supports risk analysis documentation and threat matrix development.
• Executes ongoing control assessments and updates RMF artifacts.
• Conducts security impact analyses and updates SSPP/SAR/POA&Ms.
• Supports preparation of security posture and status reports.
• Develops system disposal documentation and supports retirement activities.
• Develops and updates MOUs, ISAs, Incident Response Plans, CPs, and CMPs.
• Supports review of FedRAMP packages and cloud control inheritance documentation.
• Ensures assigned deliverables are accurate, complete, and timely.
• May mentor junior staff and analysts.