Senior ATO/A&A Subject Matter Expert

ESM

$100K — $140K *
Information Technology
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Information Technology, or related field.
  • 7 years of experience in cybersecurity compliance and related security activities.
  • Public Trust clearance required.
  • Extensive knowledge of security regulations and assessments, including A&A packages and ATOs for classified systems.
  • Strong working knowledge of NIST SP 800-53 and NIST SP 800-37, with JCAM experience preferred.

Responsibilities

  • Lead analysis of ACAS scan reports to prioritize and remediate application-level vulnerabilities.
  • Create and manage Plans of Action and Milestones (POA&Ms) in eMASS for unresolved security findings.
  • Implement and maintain a continuous monitoring strategy under the RMF, including reporting to stakeholders.
  • Serve as primary cybersecurity liaison coordinating with the ISSM and integrating security policy throughout the system lifecycle.
  • Conduct compliance assessments to ensure adherence to NIST guidelines and maintain PPSM documentation.

Benefits

  • Inclusive work environment that encourages professional growth.
  • Opportunity to work within a federal environment, offering unique challenges and stability.
  • Access to continuous training in cybersecurity best practices and compliance.
Full Job Description
We are hiring a Senior ATO/A&A Subject Matter Expert to support an enterprise-level program within a federal environment.

Job Description and Responsibilities

Leads the analysis of weekly Assured Compliance Assessment Solutions (ACAS) scan reports to identify and prioritize application-level vulnerabilities and drives remediation of Security Technical Information Guide (STIG) and ACAS findings by working directly with the technical team. Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for all open findings that cannot be immediately remediated. Implements and manages the continuous monitoring strategy, including tailoring, collecting, and reporting on all applicable Risk Management Framework (RMF) controls, and provides formal risk management status reports to the government. Serves as the primary cybersecurity liaison, coordinating with the Information System Security Manager (ISSM) and other stakeholders to review security policies and ensure cybersecurity is integrated throughout the program lifecycle. Ensures Ports, Protocols, and Services Management (PPSM) documentation is accurately maintained and updated. Conducts objective evaluations of system compliance against applicable security controls, standards, and procedures, and reports all noncompliance findings to the government. Applies extensive knowledge of security regulations and security assessments, including the development of numerous security Assessment and Authorization (A&A) packages and Authorizations to Operate (ATOs) for a variety of systems, including classified environments. Demonstrates strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37, with experience using the JCAM system preferred.

Required Knowledge, Skills and Abilities (KSA)
  • Leads analysis of ACAS scan reports to identify, prioritize, and track application-level vulnerabilities, and coordinates remediation of STIG and ACAS findings with technical teams.
  • Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for security findings that cannot be immediately remediated.
  • Implements and maintains a continuous monitoring strategy under the Risk Management Framework (RMF), including control tailoring, assessment, tracking, and formal risk reporting to stakeholders.
  • Serves as primary cybersecurity liaison, coordinating with the ISSM and other stakeholders to integrate cybersecurity requirements and security policy compliance throughout the system lifecycle.
  • Conducts system compliance assessments and supports A&A/ATO activities, ensuring adherence to NIST SP 800-53 and NIST SP 800-37, and maintains PPSM documentation while reporting noncompliance findings.


Desired KSA
  • Be a positive, self-motivated, and proactive person with the ability to adapt to change and tolerate stressful situations
  • Candidate must communicate effectively with team members, team lead, management, and government customer
  • Must have the ability and desire to research and develop creative solutions to unique problems with minimal supervision


Minimum Training, Education, and Certifications
  • Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Information Technology, or related field
  • Seven (7) years of experience supporting cybersecurity compliance, ISSO functions, information assurance, governance/risk/compliance (GRC), or related security activities.


Minimum Clearance
  • Public Trust


Physical Requirements
  • Required to stand, walk and sit; communicate verbally both in person and by telephone; use hands to finger, handle or feel objects or controls; reach with hands and arms. Regularly required to stoop, kneel, bend, crouch and lift up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, color vision and the ability to adjust focus.
  • Physical demands associated with this position include extensive walking (including stairs) throughout offices and between buildings. May require use of public transportation, personal or Government vehicle to drive to local and/or remote office locations.


Additional Requirements
  • Other duties as assigned

Similar Jobs

More Jobs at ESM

More Information Technology Jobs

Find similar Senior ATO/A&A Subject Matter Expert jobs: