Key skills
AWSAzureCloudCyber SecurityIAMSAPCI/CDLeadershipRisk Management
About this role
Role Overview
- Responsible for the day-to-day security operations of one or more information systems
- Maintaining the system’s Authorization to Operate (ATO) under the DoD Risk Management Framework (RMF)
- Serve as the primary point of contact for the ISSM, the Authorizing Official’s representative, and the engineering team on all matters of system security
- Develop and maintain the full body of RMF artifacts—System Security Plan (SSP), Security Assessment Plan (SAP), Plan of Action and Milestones (POA&M), Continuous Monitoring strategy, Privacy Impact Assessment, and Contingency Plan
- Shepherd packages through eMASS or equivalent
- Track vulnerabilities, IAVMs, and STIG compliance; manage POA&M closure; coordinate audits and assessments; review system changes for security impact
- Translate policy (NIST 800-53, CNSSI 1253, DoDI 8500.01, 8510.01) into clear engineering guidance
- Proactively solve unusual and/or complex problems with little or no direction given
- Operate effectively in a fast-paced technical environment supporting senior military leadership
- Partner closely with the Cybersecurity Engineer, the engineering team, and government stakeholders to keep the system secure, compliant, and operational
Requirements
- Active Secret clearance required with the ability to obtain and maintain a Top-Secret clearance
- Minimum of 3-years of experience as an ISSO, ISSM, or equivalent role on DoD information systems
- Demonstrated experience taking systems through the RMF process and achieving/maintaining ATO
- Hands-on experience authoring and maintaining SSPs, SARs, POA&Ms, and Continuous Monitoring documentation
- Working knowledge of NIST SP 800-53, NIST SP 800-37, CNSSI 1253, and applicable DoD/CJCS issuances
- Experience using eMASS, Xacta, or equivalent governance, risk, and compliance (GRC) tooling
- DoD 8570/8140 IAM Level II certification (Security+ CE, CAP, CASP+, or equivalent) at time of hire
- Active DoD Top-Secret Clearance (Desired)
- Bachelor’s or Master’s Degree in Cybersecurity, Information Systems, or related field (Desired)
- DoD 8570/8140 IAM Level III certification (CISSP, CISM, or equivalent) (Desired)
- Experience supporting Special Operations, Intelligence Community, or Combatant Command customers (Desired)
- Experience with cloud ATOs in Azure Government, AWS GovCloud, or Microsoft 365 GCC High (Desired)
- Familiarity with DevSecOps, CI/CD security gates, and continuous ATO (cATO) approaches (Desired)
- Prior experience as a Security Control Assessor (SCA) or assessment team member (Desired)
Tech Stack
- AWS
- Azure
- Cloud
- Cyber Security
Benefits
- High Fringe/Full-Time