Overview
Responsibilities
- Provide expert-level advisory for the implementation of the NIST Risk Management Framework (RMF).
- Lead the development and maintenance of comprehensive System Security Plans (SSP) and security control traceabilities.
- Implement and manage security assessment artifacts within the eMASS (Enterprise Mission Assurance Support Service) system.
- Conduct internal technical security assessments to ensure readiness for formal third-party assessment (3PAO) audits.
- Analyze technical system configurations to ensure adherence to NIST 800-53 Moderate/High controls and DISA STIGs.
- Serve as the primary technical advisor during the federal Authority to Operate (ATO) lifecycle for agency systems.
- Manage the technical implementation of Plans of Action and Milestones (POA&M) for remediating security gaps.
Qualifications
- Bachelor’s degree in a technical field.
- 12+ years of experience in cybersecurity and federal compliance.
- 7+ years of deep expertise in the NIST RMF and the eMASS system.
- Recognized authority in federal IT compliance and security authorization.
Preferred Certifications
- Federal & Security: CISSP (required) and Certified Authorization Professional (CAP) or CISA.
- Domain-Specific: AWS/Azure Security certifications.
- Architecture/Management: CISM or GSLC.
Technical Skills
- Compliance Systems: eMASS, Xacta, ServiceNow GRC.
- Technical Assessment Tools: Tenable/ACAS, STIG Viewer, SCAP Compliance Checker.
- Documentation: SSP, SAR, RAR, POA&M development.
- Standards: NIST 800-53, 800-37, 800-171, FIPS 199.
Regulatory & Domain Expertise
- Demonstrated expertise in applying FedRAMP Moderate/High baselines and DoD RMF requirements.
- Technical implementation of FISMA High compliance for enterprise federal systems.
- Experience with Continuous Diagnostics and Mitigation (CDM) and continuous monitoring programs.
Clearance Requirement
- Active security clearance (Secret or Top Secret) or eligibility to obtain one.