Key skills
AWSCloudCyber SecurityPythonServiceNowSplunkBashPowerShellIAMLeadershipCommunicationCloud Security
About this role
Role Overview
- Lead end-to-end RMF activities, including control implementation, artifact development, risk documentation, and POA&M management.
- Guide ATO preparation, package development, and remediation planning efforts across project teams.
- Evaluate authorization packages, identify compliance gaps, and drive resolution of risks and findings.
- Ensure alignment with VA Handbook 6500, NIST SP 800-53, NIST SP 800-37, TIC 3.0, and federal cloud security standards.
- Assess system security posture across networks, cloud environments, and applications to support secure solution design.
- Perform vulnerability assessments using tools such as Nessus and Fortify, and track remediation and residual risk.
- Develop RMF documentation including SSPs, Incident Response Plans, and Contingency Plans, and present findings to stakeholders.
- Take on additional tasks and responsibilities as needed to support team objectives and ensure the success of the project.
Requirements
- Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, or related field (or equivalent experience).
- Minimum 8 years of IT/cybersecurity experience, including 5+ years of RMF and ATO experience supporting federal agencies.
- At least 3 years of experience in cloud security, preferably within AWS GovCloud environments.
- Strong expertise in NIST RMF, NIST SP 800-53 controls, and federal ATO processes.
- Experience with GRC platforms such as ServiceNow (CAM).
- Proficiency with vulnerability assessment tools such as Nessus, Fortify, and related scanning technologies.
- Knowledge of cloud security tools including AWS Security Hub, GuardDuty, CloudTrail, and IAM Access Analyzer.
- Experience with SIEM platforms such as Splunk.
- Ability to automate assessments using Python, PowerShell, or Bash.
- Strong leadership, analytical, problem-solving skills, and ability to guide cross-functional teams through security processes.
- Excellent communication skills for presenting technical information to stakeholders.
- Active ISC2 CISSP certification (or equivalent).
- One or more certifications such as CAP, CCSP, CISM, CISA, CEH, Security+, or Network+.
- Experience with VA security processes, VA Handbook 6500, and federal compliance frameworks.
- Familiarity with configuration management tools such as BigFix or SCCD.
- Experience supporting continuous monitoring and A&A activities in federal environments.
Tech Stack
- AWS
- Cloud
- Cyber Security
- Python
- ServiceNow
- Splunk
Benefits
- Medical/Dental/Vision.
- 401k with Employer Match.
- PTO + Federal Holidays.
- Corporate Laptop.
- Training Opportunities.