Amentum

Expert Security Engineer

Amentum, $185K — $200K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree plus 10 years experience or equivalent in a related field.
  • TS/SCI clearance with Polygraph is required.
  • Certified Information Systems Security Professional (CISSP) or equivalent certification preferred.
  • Experience with NIST 800-53 Rev4 and other security frameworks.
  • Extensive knowledge of Plan of Action and Milestones (POA&Ms) and remediation strategies.

Responsibilities

  • Bridge high-level security policies with their technical implementation.
  • Apply RMF security controls in system test plans according to guidelines.
  • Guide teams through the A&A process, ensuring proper documentation is created.
  • Conduct assessments of IT architecture for security compliance.
  • Support development teams in managing POA&Ms and vulnerabilities.
  • Lead IT Disaster Recovery exercises and maintain documentation.
  • Provide continuous monitoring and security evaluation of systems.

Benefits

  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits with 401(k) matching
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance
Full Job Description
Purpose and Impact:

As the Security Subject Matter Expert, you will serve as the critical bridge between high-level security policies and their technical implementation, driving the Risk Management Framework (RMF) and Assessment & Authorization (A&A) lifecycle across multiple applications. Your primary purpose is to ensure that system designs inherently meet rigorous security objectives by evaluating IT architectures, guiding development teams, and enforcing compliance with NIST SP 800-53 and enterprise standards from concept to deployment.

In this role, your work directly safeguards mission-critical systems and reduces organizational risk. By proactively identifying, tracking, and mitigating vulnerabilities through continuous monitoring, STIG enforcement, and POA&M management, you ensure the resilience of enterprise capabilities. Your leadership in disaster recovery planning and IAVA compliance empowers engineers and developers to securely deliver operations, ultimately protecting the integrity and availability of our technological infrastructure.

Work Schedule: Work hours are 9am - 5pm, Monday through Friday.

Essential Responsibilities:
  • Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
  • Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies into formal system test plans.
  • Serve as the security subject matter expert (SME) and manage the execution of systems security activities for multiple applications.
  • Provide guidance to teams on the A&A Process to include: related security documentation such as systems concept of operations (ConOps), system security design, implementation plans, operational procedures, and maintenance training materials.
  • Provide support to development teams for mitigation and management of Plan of Action and Milestones (POA&Ms)
  • Conduct assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
  • Provide engineering support and assistance to authorization/accreditation test and evaluation activities
  • Conduct IT Disaster Recovery exercises and maintain all associated documentation
  • Management of software in use and updates as required
  • Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
  • Conduct and review security scans
  • Track and mitigate customer system vulnerabilities
  • Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
  • Ensure STIG compliance and mitigation
  • Ensure and maintain integration compliance with enterprise services
  • Provide continuous monitoring support for information systems
  • Assist with running vulnerability scans on various applications and provide recommendations for compliance
  • Ability to work closely with leadership, engineers, admins, and developers to efficiently work through the A&A process and Continuous Monitoring.


Work Environment, Physical Demands, and Mental Demands: Most work will be done at a desk or computer.

Minimum Requirements (Knowledge, Skills, and Abilities):

Skills & Tasks:
  • Bridge the gap between high-level security policies/requirements and technical/operational implementation of those requirements.
  • Apply Risk Management Framework (RMF) security controls in accordance with regulatory policies.
  • Serve as the security subject matter expert (SME) and manage the execution of systems security activities for multiple applications.


Job Duties:
  • Provide guidance to teams on the A&A Process to include: related security documentation such as systems concept of operations, system security design, implementation plans, operational procedures, and maintenance training materials; System Security Plan (SSP); System Test Plan.
  • Provide support to development teams for mitigation and management of Plan of Action and Milestones (POA&Ms)
  • Conduct assessments of existing IT architecture for compliance with security requirements in accordance with regulatory security frameworks (IAW NIST SP 800-53 Rev. 4)
  • Provide engineering support and assistance to authorization/accreditation test and evaluation activities
  • Evaluate proposed security architectures and designs and provide input as to the adequacy of those security designs to meet required security compliance objectives
  • Conduct and review security scans
  • Track and mitigate customer system vulnerabilities
  • Participate in IAVA Testing and provide recommendations of baseline acceptance of system patches
  • Ensure STIG compliance and mitigation
  • Provide continuous monitoring support for information systems
  • Assist with running vulnerability scans on various applications and provide recommendations for compliance


Security Clearance Required:
  • TS/SCI w/Poly


Minimum Education:
  • Bachelor's degree plus 10 years experience, Associate's degree plus 12 years experience, or a minimum of 14 years of experience, in a related field


Minimum Years of Experience:
  • See Minimum Education


Preferred Qualifications: AI if applicable to your program
  • XACTA 360 experience
  • Certified Information Systems Security Professional (CISSP), CompTIA CASP, or other IAT II Certification
  • Extensive experience with Security Framework regulations, to include: NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF
  • Extensive experience with Plan of Action and Milestones (POA&Ms) and knowledge of appropriate corrective action for unacceptable risks
  • Experience with a variety of systems (e.g. desktop, cloud, etc.)
  • Knowledge of Enterprise Security Best Practices (IAW NIST 800-53 Rev4; ICD 503; CNSS 1253; RMF)
  • Applicable software/hardware/management training & certification (e.g., specialties like Amazon Web Services architect/engineering, ServiceNow/Service+)


This position is not designated as a safety sensitive position.

Other Responsibilities:

Safety - Amentum enforces a safety culture whereby all employees have the responsibility for continuously developing and maintaining a safe work environment. As appropriate, each employee is responsible for completing all training requirements and fulfilling all self-aid/buddy aid responsibilities, participating in emergency response tasks and serving on safety committees and teams.

Quality - Quality is the foundation for the management of our business and the keystone to our goal of customer satisfaction. It is our policy to consistently provide services that meet customer expectations. Accordingly, each employee must conform to the Amentum Quality Policy and carry out job activities in compliance with applicable Amentum Quality System documents and customer contracts. Each employee must read and understand his/her Quality Management and Customer Satisfaction responsibilities.

Procedure Compliance - Each employee must read, understand and implement the general and specific operational, safety, quality and environmental requirements of all plans, procedures and policies pertaining to his/her job.

Compensation Details:
US: $185,000 - $200,000

The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws.

Benefits Overview:

Our health and welfare benefits are designed to support you and your priorities. Offerings include:
  • Health, dental, and vision insurance
  • Paid time off and holidays
  • Retirement benefits (including 401(k) matching)
  • Educational reimbursement
  • Parental leave
  • Employee stock purchase plan
  • Tax-saving options
  • Disability and life insurance
  • Pet insurance


Note: Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits.

Original Posting:
05/27/2026 - Until Filled
Amentum anticipates this job requisition will remain open for at least three days, with a closing date no earlier than three days after the original posting. This timeline may change based on business needs.

About Amentum

Amentum is a leading provider of engineering and technical services to the U.S. government and commercial customers worldwide. The company offers a wide range of services, including environmental remediation, facilities management, and logistics and supply chain management, among others. Amentum has a global presence, with operations in over 20 countries, and serves a diverse range of customers, including the Department of Defense, the Department of Energy, and the Department of State. The company is committed to providing high-quality services and has a strong reputation for technical expertise, innovation, and customer satisfaction.
Size: 20,000 employees
Net Income: $200 million
Founded: 2014
Revenue: $5 billion
