Job Requirements
Remote; New Cumberland, PA; Ogden, UT; Philadelphia, PA; Richmond, VA
Secret; Polygraph not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Job Description
Why ITinfra?
• Small, growing, dynamic and fun company to work with
• We emphasize and foster professional growth by helping you set and achieve professional goals
• Exceptional health insurance benefits
• 401K, Paid Time Off (PTO)
Hybrid Work Location(s) – Must be within ~50 miles of a location below:
• Battle Creek, MI
• Columbus, OH
• Dayton, OH
• Fort Belvoir, VA
• New Cumberland, PA
• Ogden, UT
• Philadelphia, PA
• Richmond, VA
Job Description:
Serves as a cybersecurity Subject Matter Expert (SME) with regard to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DoD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. Possesses an understanding of how the security controls identified in NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes. Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determines the possible ramifications on the system’s current or future authorization. Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process. Executes the RMF process end-to-end by assessing security controls, analyzing vulnerabilities and authorization impacts, maintaining required artifacts and POA&Ms, producing audit-ready reports and analytics, briefing leadership, and applying cybersecurity expertise across traditional and emerging environments (Cloud, IT, ICS, and OT).
Qualifications:
• Ten (10) years IT experience
• Ten (10) years DoD Cybersecurity experience
• Ten (10) years of Risk Management Framework (RMF) and NIST A&A experience
• Demonstrated DoD cybersecurity experience, including assessing security controls and conducting authorization reviews for large, complex organizations
• Strong understanding of DoD cybersecurity requirements; proven ability to develop and maintain artifacts for STIGs, TCG configuration guides, IAVMs, and Task Orders
• Exceptional ability to develop, maintain, and validate RMF artifacts and cybersecurity documentation
• Experience in DoD authorization process implementation, including supporting cybersecurity policy, procedures, and processes
• Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platforms
• Skilled in analyzing and interpreting cybersecurity guidance from the ISSM/ISSO to produce authoritative system documents such as the SSP, CONOPS, Incident Response Plan, Contingency Plan, Configuration Management Plan, and other required artifacts
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud, information technology (IT), Industrial Control Systems (ICSs), or Operational Technology (OT) infrastructures
• Ability to generate clear, accurate, and audit-ready cybersecurity reports, including vulnerability summaries, compliance status updates, and risk findings for technical and leadership audiences
• Ability to generate detailed analytics and trend reports using data from vulnerability scanners, configuration tools, and security platforms to support decision-making and inspection readiness
• Must be a US Citizen with an active Secret clearance, or higher.
Certifications (x3):
• IAT Level 3 (One of the following): CASP; CCNP Security; CISA; CISSP; GCED; GCIH
• Training Requirements (One of the following): ICS300 or relevant Operational Technology “OT” or Industrial Control System “ICS” Cybersecurity Certifications, ACAS, and Tanium
• Computing Environment Certifications (One of the following): 300-ISC; AWS CS Speciality; AWS CSA Associate; AWS CSA Professional; AWS CSO Admin Associate; GIAC GCWN; ISA CCST Level I; IT Specialist Certification; MC Azure SAE; MC Azure SEA; MCSA WS2016; MCSE WS2016; MCSM DP; OCI Foundations 2020; OCI-FA 2025; Win 10; Windows OS Security