Top Secret
Mid Level Career (5+ yrs experience)
$120,000 - $150,000
IT - Security
Washington, DC (On-Site/Office)
Cyber Security SME
Work Type: Full Time
Location: Washington, DC (Hybrid)
Clearance: Top Secret
Job Description: The Cyber Security Subject Matter Expert (SME) will play a key role in ensuring the security and compliance of enterprise production applications within a cloud-based environment. The SME will work closely with the Development, Cloud, and DevSecOps teams, as well as the Information System Security Officer (ISSO), Information System Security Manager (ISSM), and Security Control Assessor (SCA), to support the full lifecycle of system authorization activities—including achieving and maintaining Authority to Operate (ATO) or Authority to Connect (ATC).
The ideal candidate will provide expert guidance on cybersecurity architecture, coordinate CONOPS and design reviews, drive remediation of security findings, and develop cybersecurity standards and frameworks across the program—rooted in Zero Trust principles.
Duties:
ATO/ATC Support:
Lead and coordinate efforts to obtain and maintain ATO/ATC for production systems, ensuring compliance with applicable security frameworks.
Collaboration Across Teams:
Partner with Development, Cloud, and DevSecOps teams to integrate security throughout the SDLC and CI/CD pipelines, ensuring secure-by-design implementations.
Architecture & CONOPS Coordination:
Review and contribute to system architectures, data flows, and Concept of Operations (CONOPS) documents to ensure alignment with Zero Trust principles and organizational security policies.
Security Findings Management:
Support and track the remediation of vulnerabilities and deficiencies identified through scans, assessments, and audits; create and manage Plans of Action & Milestones (POA&Ms) as required.
Cybersecurity Standards Development:
Develop and maintain enterprise cybersecurity standards, guidelines, and best practices to ensure consistent implementation of security controls across all program systems.
Continuous Monitoring:
Support ongoing assessment and authorization (A&A) activities, including risk assessments, configuration management, and continuous monitoring reporting.
Zero Trust Implementation:
Guide teams in applying Zero Trust Architecture (ZTA) principles—identity-centric access control, micro-segmentation, least privilege, and continuous validation—to all system designs and processes.
Qualifications:
Bachelor’s degree in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience).
5+ years of progressive experience in cybersecurity, with at least 3 years supporting federal ATO/ATC processes.
In-depth knowledge of NIST RMF, FedRAMP, and Zero Trust Architecture frameworks.
Experience collaborating with ISSOs, ISSMs, SCAs, and engineering teams.
Familiarity with AWS cloud environments and DevSecOps pipelines.
Strong technical understanding of network security, IAM, encryption, and vulnerability management.
Excellent communication and coordination skills.
Preferred Qualifications:
CISSP, CISM, CAP, or equivalent cybersecurity certification.
Experience with containerized applications, infrastructure as code (IaC), and continuous compliance tools.
Clearance: Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information.
Compensation and Benefits:
Salary Range: $120,000-150,000 (Compensation is determined by various factors, including but not limited to location, work experience, skills, education, certifications, seniority, and business needs. This range may be modified in the future.)
Benefits: Gridiron offers a comprehensive benefits package including medical, dental, and vision insurance, HSA, FSA, 401(k), disability and AD&D insurance, and life and pet insurance to eligible employees. Full-time and part-time employees working at least 30 hours per week on a regular basis are eligible to participate in Gridiron’s benefits programs.
Gridiron IT Solutions is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status or disability status.
Gridiron IT is a Women Owned Small Business (WOSB) headquartered in the Washington, D.C. area that supports our clients' missions throughout the United States. Gridiron IT specializes in providing comprehensive IT services tailored to meet the needs of federal agencies. Our capabilities include IT Infrastructure & Cloud Services, Cyber Security, Software Integration & Development, Data Solution & AI, and Enterprise Applications. These capabilities are backed by Gridiron IT's experienced workforce and our commitment to ensuring we meet and exceed our clients' expectations.