Serve as the cybersecurity SME for all Assessment and Authorization (A&A) activities, ensuring compliance with DoD and NIST requirements.
Perform RMF activities for systems undergoing authorization, including control assessment, documentation review, and risk analysis.
Apply expert understanding of NIST SP 800‑53 security controls and their relevance to large, complex IT infrastructures composed of multiple enclaves, applications, and outsourced services.
Identify vulnerabilities, determine severity levels, and assess potential impacts on system authorization status.
Conduct comprehensive authorization reviews for enterprise‑level systems and environments.
Brief senior leadership on RMF progress, findings, risks, and recommended courses of action.
Support the development, implementation, and refinement of cybersecurity policies, procedures, and processes aligned with DoD requirements.
Apply cybersecurity expertise to emerging technologies, including cloud services, Industrial Control Systems (ICS), warehouse execution systems, and Operational Technology (OT).
Evaluate and apply cybersecurity controls for modern computing environments such as hybrid cloud, edge computing, and IoT-related architectures.

Must have an active Secret clearance.
Minimum five (5) years of relevant Risk Management Framework (RMF) and NIST Assessment & Authorization (A&A) experience.
DoD cybersecurity experience supporting enterprise‑level systems.
Demonstrated experience assessing security controls and conducting authorization reviews for large, complex organizations.
Strong understanding of DoD cybersecurity policies, procedures, and the DoD authorization process.
Knowledge of cybersecurity considerations for emerging technologies, including Cloud, ICS, OT, and related systems.

Cybersecurity Assessment and Authorization, Subject Matter Expert

Key skills