CYBERSECURITY ASSESSMENT AND AUTHORIZATION SUBJECT MATTER EXPERT (SME)

Position Summary

Key Responsibilities

• Updates and tracks POA&M entries by documenting findings, logging remediation actions, and keeping milestone dates current to ensure issues move toward closure.
• Proven ability to work independently and collaboratively with minimal oversight
• Ability to generate clear, accurate, and audit-ready cybersecurity reports, including vulnerability summaries, compliance status updates, and risk findings for technical and leadership audiences
• Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
• Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization.
• Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.

Required Qualifications

• Ten (10) years of relevant Risk Management Framework (RMF) and NIST A&A experience

• DOD cybersecurity experience
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
• Strong research, analytical, and problem-solving skills
• Strong understanding of DoD cybersecurity requirements, including documenting and developing artifacts for STIGs, TCG configuration guides, IAVMs, and Task Orders
• Exceptional ability to develop, maintain, and validate RMF artifacts and cybersecurity Documentation
• Proficiency with analytical tools such as Microsoft Excel, Access, Power BI, and Power Platforms
• Experience producing detailed analytics and trend reports using data from vulnerability scanners, configuration tools, and security platforms to support decision-making and inspection readiness
• Excellent written and verbal communication skills, including the ability to brief leadership and produce clear documentation
• Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes.
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud, information technology (IT), Industrial Control Systems (ICSs), or Operational Technology (OT) infrastructures.
• Required to possess a DOD SECRET Clearance and be eligible for an IT-II Non-Critical Sensitive Security clearance or Tier 3 (T3) upon assignment.

Why Join Nationwide IT Services?