Job Requirements
Washington, DC
Clearance: Public Trust
Polygraph: not specified
Senior Level Career (10+ yrs experience)
Salary not specified
Job Description
For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues. We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space.
Karthik Consulting is seeking a Senior ATO Subject Matter Expert Cybersecurity Analyst III with the below skillset.
Senior ATO Subject Matter Expert Cybersecurity Analyst III
Full-time with Karthik Consulting
Location: Washington, DC
Clearance: Public Trust
Program Description:
The IT CSSS program provides information security support to the Federal Bureau of Prisons Information Technology & Data Division and other DOJ components as required. The program supports BOP obligations to protect federal information systems under FISMA, OMB Circular A-130, the Privacy Act, NIST RMF guidance, DOJ policy, and related cybersecurity requirements.
Program Scope:
The program covers ATO maintenance and rapid ATO activities, RMF lifecycle support, JCAM-based authorization management, FISMA/FISCAM audit support, security architecture and engineering support, vulnerability and risk management, privacy documentation, FedRAMP assessment support, continuous monitoring, and coordination with BOP system owners, CORs, AOs, and technical stakeholders.
Key Responsibilities:
ATO and Authorization Lifecycle Leadership
• Lead security A&A and ATO activities for information systems across live networks, desktop systems, servers, enterprise databases, and classified or sensitive environments as assigned.
• Develop, maintain, and assess authorization packages that support successful certification and accreditation, security authorization, reauthorization, and ongoing authorization decisions.
• Apply NIST SP 800-37 RMF processes and DOJ/BOP authorization procedures to support prepare, categorize, select, implement, assess, authorize, and monitor activities.
• Use JCAM or similar authorization management systems to document system information, control baselines, authorization evidence, risk decisions, and approval status.
System Security Assessment and Documentation
• Perform system security assessments and prepare assessment-ready documentation for security controls, implementation status, technical evidence, and identified weaknesses.
• Prepare, review, and update SSPP/SSP, SAR, POA&M, residual risk, risk analysis, threat matrix, authorization memo, and executive briefing artifacts.
• Assess system boundaries, information types, categorization decisions, control implementation details, and supporting evidence for accuracy and completeness.
• Coordinate updates to incident response, contingency planning, configuration management, privacy, MOU/ISA, and other RMF-related documentation as required.
Security Policy, Compliance, and Risk Advisory
• Assess and enhance IT security policies and procedures in response to federal, DOJ, BOP, and international regulatory requirements as applicable.
• Apply strong working knowledge of NIST Special Publications, NIST SP 800-53 security control selection, and federal cybersecurity requirements to improve authorization readiness.
• Analyze security findings, vulnerabilities, policy gaps, and control deficiencies to determine risk impact and recommend corrective actions or risk response options.
• Support risk-based decision-making by translating security assessment results into clear recommendations for system owners, AOs, CORs, and program leadership.
Security Upgrades and Technical Coordination
• Coordinate with system owners, operations and maintenance teams, engineers, and assessors to support security upgrades and remediation activities for operational systems.
• Review proposed system and environment changes to determine potential security or privacy impact and required updates to authorization artifacts.
• Support vulnerability remediation, control implementation validation, and technical evidence collection across on-premises, cloud, hybrid, and air-gapped environments.
• Ensure security documentation reflects the as-implemented state of systems and remains current as technologies, configurations, and mission requirements evolve.
Reporting, Stakeholder Engagement, and Quality Control
• Prepare written communications, status updates, briefings, risk summaries, and authorization decision support materials for government and contractor leadership.
• Support monthly reporting by documenting deliverables, risks, issues, corrective actions, authorization milestones, and system security posture.
• Coordinate with BOP system owners, CORs, AOs, privacy stakeholders, assessors, and technical teams to resolve documentation gaps and authorization risks.
• Maintain high-quality, audit-ready artifacts that meet SOW requirements for content, completeness, accuracy, and conformance.
Qualifications
Education
• Bachelor’s degree required.
• Degree in cybersecurity, information systems, computer science, information technology, management information systems, or a STEM-related discipline preferred.
Professional Certifications
Candidate must possess at least one of the following required certifications:
• CISA - Certified Information Systems Auditor.
• CRISC - Certified in Risk and Information Systems Control.
• CISSP - Certified Information Systems Security Professional.
• CAP - Certified Authorization Professional.
Minimum Qualifications
• Minimum of seven (7) years of experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization.
• Minimum of seven (7) years of experience assessing and enhancing IT systems security policies and procedures in response to regulatory requirements associated with federal and international standards.
• Minimum of seven (7) years of IT security experience with extensive knowledge of security regulations and security assessments, including experience developing security A&A and ATO packages for a range of systems, including classified systems.
• Experience supporting RMF, ATO maintenance, security authorization documentation, control assessment, risk analysis, POA&M management, and ongoing authorization activities.
• Ability to coordinate with system owners, technical teams, assessors, authorizing officials, privacy stakeholders, CORs, and program leadership.
• Public Trust / Suitability required; must be able to obtain and maintain required access for the duration of the assignment.
Preferred Qualifications
• Strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37 for RMF/security authorization.
• Experience using DOJ JCAM or similar governance, risk, and compliance systems to manage authorization artifacts, evidence, and authorization status.
• Prior DOJ, BOP, or federal law enforcement cybersecurity support experience.
• Experience supporting on-premises, cloud, hybrid, air-gapped, or classified federal systems.
• Strong written communication skills with the ability to produce audit-ready cybersecurity documentation and executive-level risk summaries.