Cybersecurity Assessment & Authorization SME
Electrosoft Services, Inc. is an award-winning company that provides comprehensive technology-based solutions and services to federal customers. While cybersecurity is our specialty, we also focus on ICAM, enterprise IT modernization, and software solutions. We always seek to delight our customers, so we retain highly qualified employees and offer them meaningful work, growth opportunities, and work-life balance. What sets us apart from all other contractors is the sense of teamwork our employees feel – and the knowledge that outstanding effort is recognized and rewarded. The camaraderie we share emanates from Lunch & Learn sessions where we explore new ideas together, fun group activities ranging from escape rooms to miniature golf, and much, much more. If we’ve described you and your dream workplace, please apply and share in the many benefits and opportunities we offer. Cybersecurity Assessment & Authorization SME Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes. Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization. Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
Key Responsibilities
Assessment & Authorization (A&A): Perform or advise on the RMF process for authorizing DoD information systems, including preparing and reviewing authorization packages Security Control Evaluation: Apply NIST 800-53 controls to assess compliance in large-scale IT infrastructures with multiple enclaves, AIS applications, and outsourced IT Vulnerability Analysis: Identify, assess, and determine the severity of vulnerabilities (e.g., non-compliant controls) and their impact on system authorization status POA&M Management: Develop, track, and update Plan of Action and Milestone Plans (POA&Ms) for remediation of control deficiencies Stakeholder Briefings: Present RMF progress, risk posture, and authorization status to senior management and technical teams Policy & Process Support: Ensure cybersecurity documentation, procedures, and processes align with DoD policies and enterprise standards Collaboration: Work with system owners, cybersecurity teams, and government representatives to resolve security findings and apply STIGs Emerging Tech Expertise: Support cybersecurity for cloud environments, Industrial Control Systems (ICS), Warehouse Execution Systems (WES), and Operational Technology (OT) Typical Daily Tasks Run and analyze system/software scans for vulnerabilities. Coordinate with Information System Security Managers (ISSMs) on vulnerability management. Support Agile release processes with embedded testers. Review and move issues through the authorization process. Generate audit-ready reports on compliance, risk, and remediation status Basic Qualifications Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience DOD cybersecurity experience Must have IA Level III Certification to meet 8140 compliance Must have a SECRECT Clearance and be able to obtain or currently possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3) Experience in assessing security controls and conducting authorization reviews for large, complex organizations. Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes. Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures. Undergraduate Degree Preferred. Pay Range $120,000—$125,000 USD Electrosoft is an Equal Opportunity Employer/Veterans/Disabled Apply To This Job