user avatar

Cybersecurity Assessment & Authorization (A&A) Subject Matter Ex

Marathon TS Inc

Posted today

Job Requirements

Secret Polygraph Unspecified
Career Level not specified
Salary not specified
Join Premium to unlock estimated salaries

Job Description

Location: Fully Remote (U.S. Based)
Employment Type: Full-Time
Position Type: Government Contract Opportunity
Position Overview
We are seeking an experienced Cybersecurity Assessment & Authorization (A&A) Subject Matter Expert (SME) to support a federal government cybersecurity program. This role is responsible for leading Assessment and Authorization (A&A) activities in accordance with the Department of Defense (DoD) Risk Management Framework (RMF), ensuring information systems meet cybersecurity compliance requirements and maintain Authorization to Operate (ATO) status.
The ideal candidate possesses extensive experience applying the NIST Risk Management Framework (RMF) and NIST SP 800-53 security controls within large, complex enterprise environments. This individual will work closely with government stakeholders, system owners, engineers, cybersecurity teams, and Authorizing Officials to assess risk, validate security controls, and support the authorization lifecycle for enterprise information systems.
This is a fully remote position supporting a federal government customer. Candidates must be U.S. citizens and meet the required security clearance and certification requirements.

Key Responsibilities
  • Lead Assessment and Authorization (A&A) activities throughout the Risk Management Framework (RMF) lifecycle.
  • Support the authorization, reauthorization, and continuous monitoring of federal information systems.
  • Evaluate security controls in accordance with NIST SP 800-53 and applicable DoD cybersecurity policies.
  • Conduct comprehensive security control assessments and authorization reviews for enterprise-scale environments.
  • Analyze vulnerabilities, determine residual risk, and evaluate the potential impact to system authorization status.
  • Develop, review, and maintain RMF documentation, including:
    • System Security Plans (SSPs)
    • Security Assessment Reports (SARs)
    • Plans of Action & Milestones (POA&Ms)
    • Risk Assessment Reports
    • Authorization Packages
  • Collaborate with Information System Owners (ISOs), Information System Security Managers (ISSMs), Information System Security Officers (ISSOs), engineers, and Authorizing Officials throughout the authorization process.
  • Provide cybersecurity guidance for cloud environments, operational technology (OT), enterprise enclaves, applications, and outsourced IT services.
  • Monitor compliance with DoD cybersecurity directives, NIST standards, and organizational security policies.
  • Support continuous monitoring activities and ongoing authorization efforts.
  • Present findings, risk assessments, and authorization status updates to senior government leadership.
  • Recommend remediation strategies to resolve security control deficiencies and reduce organizational risk.
  • Serve as a trusted cybersecurity advisor on Assessment & Authorization best practices.


Required Qualifications
  • Minimum five (5) years of experience supporting Cybersecurity Assessment & Authorization (A&A) activities.
  • Demonstrated experience implementing the DoD Risk Management Framework (RMF).
  • Experience applying NIST SP 800-53 security controls and conducting cybersecurity assessments.
  • Experience supporting Authorization to Operate (ATO) packages for federal information systems.
  • Experience assessing security controls within large, complex enterprise environments.
  • Strong understanding of cybersecurity risk management principles and authorization processes.
  • Experience identifying security vulnerabilities and evaluating residual risk.
  • Ability to communicate technical cybersecurity concepts to both technical and executive audiences.
  • Excellent analytical, documentation, and problem-solving skills.


Preferred Qualifications
  • Experience supporting the Defense Logistics Agency (DLA) or other Department of Defense organizations.
  • Experience supporting enterprise environments consisting of:
    • Cloud-hosted services
    • Operational Technology (OT)
    • Enterprise enclaves
    • Mission applications
    • Hybrid infrastructures
  • Experience with Continuous Monitoring (ConMon) programs.
  • Familiarity with DoD Enterprise Mission Assurance Support Service (eMASS).
  • Experience preparing executive briefings and cybersecurity risk presentations.


Security Clearance Requirements
  • Active Secret Security Clearance (required)
  • Must possess a Moderate Risk, Non-Critical Sensitive (Tier 3 / NACLC / ANACI) investigation at the time of proposal submission.


Certification Requirements
Candidates must possess a current DoD 8570/8140 Baseline Certification meeting:
  • Information Assurance Management (IAM) Level III
Examples include (or equivalent approved certifications):
  • CISSP
  • CISM
  • GSLC
  • CCISO


Desired Skills
  • DoD Risk Management Framework (RMF)
  • NIST SP 800-53
  • NIST Cybersecurity Framework
  • eMASS
  • Security Control Assessments
  • Authorization to Operate (ATO)
  • Continuous Monitoring (ConMon)
  • Vulnerability Management
  • Cyber Risk Analysis
  • Security Documentation
  • Enterprise Cybersecurity
  • Cloud Security
  • Operational Technology (OT) Security
  • Executive Communications


#cjjobs
Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status ").
group id: 10362312

Similar Jobs


Job Category
IT - Security
Clearance Level
Secret