Job Type
Full-time
Description
NexGen Data Systems is seeking a highly skilled Cybersecurity A&A SME to execute comprehensive Assessment and Authorization (A&A) workflows, Package Readiness Reviews (PRRs), and independent compliance evaluations for USTRANSCOM. The scope of this project involves managing lifecycle RMF packages across NIPRNet, SIPRNet, and commercial cloud environments to secure approximately 40 active combatant command systems.
The Cyber A&A SME will perform deep-dive Independent Verification & Validation (IV&V) of system artifacts, manage tenant Plan of Action and Milestones (POA&Ms), and engineer automated data mechanisms to export DevSecOps test pipelines into the enterprise eMASS repository.
Roles & Responsibilities
- Manage and process complex eMASS workflows, leading Package Readiness Reviews (PRRs) to finalize authority-to-operate (ATO) packages for Authorizing Official (AO) approval.
- Perform deep-dive Independent Verification & Validation (IV&V) of system STIG checklists, SCAP scans, and raw ACAS findings prior to official package submission.
- Evaluate tenant Plan of Action and Milestones (POA&Ms) closure evidence, and author formal Risk Acceptance (RA) memorandums for high-level military leadership review.
- Conduct detailed security impact assessments for DevSecOps cloud applications, validating Infrastructure as Code (IaC) templates (Terraform, Ansible) for misconfigurations.
- Engineer automated pipeline integration mechanisms to ingest continuous test results directly into eMASS using OSCAL or native API schemas.
- Monitor the continuous Zero Trust (ZT) compliance status of legacy network enclaves, scoring target capabilities against the DoD Capability Execution Roadmap.
- Translate physical Zero Trust technical controls into custom RMF overlays within eMASS without causing system compliance data errors.
Other Duties: Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Requirements
Desired/Required Skills:
- Clearance Required: Active Department of Defense Top Secret/SCI (Tier 5 Investigation) required.
- Location: On-site at Scott Air Force Base (AFB), IL.
- Education: Bachelor's degree in Computer Science/Engineering/Information Management OR 5 years' experience with an active technical certification.
- REQUIRED Cyber Baseline: Active DoD 8570.01-M / DoDM 8140 IAM Level II or higher certification (e.g., CAP/ISC2 Authorization Certified, CISSP, or CISM).
- REQUIRED Computing Environment: Active eMASS Tier 2/3 User Validation or certified training credentials and official ACAS Administrator certification.
- REQUIRED Foundational Qualification: Defense Cyber Crime Center (DC3) Cyber 101 course completion.
- 6-9 years' relevant RMF compliance and package engineering experience within a combatant command framework.
- Deep master-level proficiency drafting technical milestones within the Enterprise Mission Assurance Support Service (eMASS) tool.
- Strong experience evaluating DISA Security Technical Implementation Guides (STIGs) and parsing SCAP compliance analyzer outputs.
Benefits:
- Company covers 100% of premiums for the employee's medical, dental, and vision insurance and subsidizes premiums for spouse and dependents.
- Company provides short- and long-term disability plans.
- 401(k) match up to 10% of the employee's salary contributions to the 401(k) plan.
- Comprehensive training and development program.
- 11 paid holidays and paid time off (PTO) accrual level starts at 15 days annually.