Job Description
Duties May Include:

Apply RMF processes to support system Assessment & Authorization (A&A), including control selection, implementation, assessment, and continuous monitoring
Develop, review, and maintain security documentation such as SSPs, POA&Ms, SARs, and ATO artifacts in tools such as XACTA or eMASS
Conduct vulnerability assessments and compliance scans (e.g., ACAS) and track remediation of findings and IAVM requirements
Implement and validate security controls aligned with NIST 800-53, CNSSI 1253, and related DoD guidance
Support system hardening, patching, and configuration management in compliance with STIGs for Linux, Windows, and network devices
Monitor systems for security events and support incident response and risk mitigation activities
Assess security impacts of system changes and support configuration control boards (CCBs)
Collaborate with system engineers, administrators, and DevSecOps teams to integrate security throughout the system lifecycle
Provide cybersecurity risk input to program leadership, Authorizing Officials (AOs), and stakeholders

Requirements

Required Qualifications:

Bachelor's degree with 5+ years of experience (or equivalent experience)
DoD 8570 IAT Level II or higher certification (e.g., Security+, CySA+, CISSP)
Experience with RMF, A&A, POA&M, and ATO documentation (XACTA/eMASS)
Hands-on vulnerability scanning and compliance tracking (ACAS, IAVM)
Experience securing Linux and Windows systems, STIGs, patching, and system hardening
Knowledge of NIST 800-series publications and incident response processes
Strong analytical, communication, and collaboration skills
US Citizenship required
Active or current (within two years of active) Top Secret clearance with SCI eligibility