ISSE - RMF Compliance (Hybrid 2 days onsite)

ICS Nett, Inc.

Posted today

Job Requirements

Quantico, VA
Clearance: Top Secret; Polygraph: not specified
Mid-level career (5+ years experience)
Salary not specified

Job Description

RMF & Compliance (Risk Management Framework)
• Lead the RMF lifecycle (primarily steps 1–3: Categorize, Select, Implement) to obtain and maintain an Authorization to Operate (ATO) for complex cloud-based systems and IT infrastructures.
• Develop and maintain System Security Plans (SSP), Security Assessment Plans (SAP), and Plans of Action and Milestones (POA&M) within eMASS.
• Conduct automated and manual security testing using tools such as SCAP Compliance Checker (SCC) and STIG Viewer to ensure 100% compliance with DISA Security Technical Implementation Guides (STIGs).
• Conduct cyber risk reviews and use your experience and knowledge to give the customer recommendations that ensure an appropriate level of risk management is applied to each task.
Technical Leadership & Collaboration
• Serve as the primary technical liaison between the Program Management Office (PMO) and the Security Control Assessor (SCA).
• Review and approve Engineering Change Requests to ensure that system modifications do not negatively impact the established security posture.
• Mentor junior security staff on the application of CNSSI 1253 and NIST SP 800-53 security controls.
System Interconnection & Governance
• Coordinate Interconnection Security Agreements (ISA): Lead the technical and administrative effort to establish ISAs between the customer and external DoD or Federal agencies, ensuring that joint security requirements are clearly defined and met.
• Develop MOU/MOA Documentation: Author and negotiate Memorandum of Understanding (MOU) and Memorandum of Agreement (MOA) documents to codify the terms, conditions, and security responsibilities for shared resources or cross-organizational system access.
• Provide Security Leadership: Act as the customer’s primary security advocate during high-level meetings, ensuring that all interconnection agreements maintain the system's security boundary and do not introduce unacceptable risk.
• Inter-Agency Liaison: Facilitate technical discussions between disparate engineering teams to resolve security conflicts during the drafting and approval process of governance documents.
Configuration & Change Management
• Participate in Configuration Control Board (CCB) & CLA Reviews: Act as the lead security representative during Configuration Literacy/Level Assessment (CLA) reviews to ensure proposed changes are scrutinized for security impact.
• Perform Security Impact Analysis: Evaluate Engineering Change Proposals (ECPs) and system baseline modifications during CLA sessions to prevent "scope creep" from degrading the system's security posture.
• Lifecycle Traceability: Ensure that all changes approved during CLA reviews are accurately reflected in the RMF documentation, including updated System Security Plans (SSP) and network diagrams.
Strategic Security Oversight
• Standardize Security Governance: Establish standard operating procedures (SOPs) for how the customer manages and renews ISAs/MOUs to ensure continuous compliance and avoid lapsed authorizations.
• Risk Evaluation for Shared Services: Analyze the risk of connecting to external Service Providers (e.g., DISA Cloud, AWS GovCloud) and provide the Customer with a clear roadmap for secure integration.

Job Category
IT - Security
Clearance Level
Top Secret