Serves as a cybersecurity SME for Assessment and Authorization (A&A) of information systems, applying NIST 800-53 security controls and the Risk Management Framework (RMF) process.
Possesses five years of relevant RMF, NIST, and A&A experience, including assessing security controls for large, complex organizations like DLA.
Briefs senior management on authorization progress and understands cybersecurity in emerging technology areas such as Cloud and Industrial Control Systems.
Collaborate with cross-functional teams to apply cybersecurity best practices across systems, applications, and cloud environments.
Lead portions of cybersecurity assessments across the technology stack, identifying vulnerabilities and recommending remediation strategies.
Assist in shaping cybersecurity risk management activities, helping prioritize and guide security initiatives to protect critical assets.
Rise8 builds custom, secure software for government organizations, measuring success by impact: lives saved, time returned, and missions advanced. Certified as a Great Place to Work® with 100% of employees saying they love working here, Rise8 offers a culture rooted in kindness, candor, and continuous learning.
Maintain Risk Management Framework artifacts for DevSecOps pipeline inheritance of NIST SP 800-53 controls.
Complete and validate STIG/SRG checklists quarterly and provide monthly application STIG status reports.
Evaluate program risks, document mitigation strategies, and recommend courses of action to ensure continuous ATO compliance.
DecisionPoint is a company providing cloud services and DevSecOps solutions, supporting ARTRANS AWS environments. It is a regular full-time employer fostering a culture of security and compliance, with an active Secret clearance required for this role.
Lead and execute RMF compliance activities in accordance with DoD and NIST requirements, supporting system accreditation and ATO efforts.
Conduct STIG and SRG assessments across Windows, Linux, database, cloud, and application environments using tools such as SCC and STIG Viewer.
Analyze vulnerability scan results, develop and maintain POA&Ms, and track remediation activities to closure.
Peraton is a next-generation national security company that drives missions of consequence across land, sea, space, air, and cyberspace. As a leading mission capability integrator and enterprise IT provider, we deliver trusted solutions to protect our nation and allies, supporting essential government agencies and every branch of the U.S. armed forces.
Lead Risk Management Framework activities for a federal AI platform deployment in AWS GovCloud.
Own authorization artifacts and coordinate with ISSOs and Authorizing Officials for ATO.
Partner with platform engineers on cloud and container security, vulnerability management, and hardening.
LMI is a digital solutions provider dedicated to accelerating government impact with innovation and speed, bringing commercial-grade platforms and mission-ready AI to federal agencies. Headquartered in Tysons, Virginia, it serves the defense, space, healthcare, and energy sectors, with a culture more startup than traditional government contractor.
Lead RMF authorization activities, including SSP, SAP, SAR, and POA&M development.
Conduct vulnerability assessments and enforce secure configurations using CIS Benchmarks and DISA STIGs.
Support cloud security initiatives in AWS GovCloud and advise on AI-enabled system security.
This company provides cybersecurity solutions for federal government systems. They are a mid-sized organization with a collaborative culture focused on security and compliance.
Own RMF authorizations across Department of War components and FedRAMP High, alongside CMMC 2.0 and SOC 2 compliance for corporate systems.
Maintain authorization and audit evidence, including SSPs, SARs, POA&Ms, STIGs, and control mappings.
Partner with Engineering, Product, and Security to embed compliance requirements into system design and CI/CD workflows.
Onebrief builds collaboration and AI-powered workflow software for military planning and operational coordination. Founded in 2019, valued at over $2 billion, they are a distributed team of builders from military, operational, and technology backgrounds.
Design and implement enterprise security controls aligned with NIST SP 800-53 and Zero Trust Architecture principles.
Conduct continuous security monitoring, incident response, and vulnerability management across cloud, network, and endpoint environments.
Develop and maintain cybersecurity SOPs, security baselines, and asset inventories to support audit readiness.
DMI is a leading provider of digital services and technology solutions, headquartered in Tysons Corner, VA, supporting public sector agencies and commercial enterprises globally. Recognized as a Top Workplace, the company delivers secure, efficient, and cost-effective solutions through a culture guided by five core values.
Serve as a trusted advisor to clients, defining and advancing cybersecurity strategy over multi-year engagements.
Develop prioritized security roadmaps and advise on governance, risk, and compliance frameworks.
Translate technical risk into business language for executives and boards, owning the advisory relationship.
Apollo Information Systems is a cybersecurity services company delivering comprehensive security and compliance programs, pioneering a cybersecurity-as-a-service model. Backed by Series A funding, we foster a collaborative, mission-driven culture with deep expertise, and primarily work remotely with a hub in Denver.
Focus on developing and delivering compliance solutions and strategies for Commercial, Defense Industrial Base, and State/Local customers.
Conduct compliance audits, assessments, and gap analyses to identify areas for improvement.
Author policies, plans, and procedures in CJIS and FedRAMP environments while serving as a trusted advisor to customers.
Planet Technologies is the leading provider of Microsoft consulting services to public sector and commercial organizations, specializing in building custom solutions that transform business operations. They are a growing team with collaborative peers and caring leaders, focused on high-profile client projects.
Conduct IT and cybersecurity risk assessments across systems, applications, and business processes.
Lead audit readiness activities for frameworks like SOC 2, HIPAA, and NYDFS.
Manage security policies, third-party vendor assessments, and develop risk dashboards.
Jobgether uses an AI-powered matching process to connect candidates with hiring companies. They focus on efficient, objective application review and are a remote-first organization.
Support cybersecurity efforts across multiple projects within the VA Health portfolio, including ATO remediation, system scans, and artifact development.
Communicate and provide consultative support on system security certification & accreditation, coordinating with internal and external project stakeholders.
Identify and mitigate risks, support team of cyber professionals, and build artifacts in accordance with NIST and VA guidelines.
LTS provides IT program management and cybersecurity support for the Department of Veterans Affairs Health Portfolio. The company values innovation, growth, collaboration, and quality, offering comprehensive benefits and a career path that rewards ambition and performance.
Monitor security alerts, vulnerabilities, and incidents across enterprise systems and assist in incident response.
Maintain compliance with standards such as NIST CSF, ISO 27001, and SOC 2 through audits and policy development.
Conduct security risk assessments, evaluate controls, and track remediation plans.
Mission Critical Group is an end-to-end power solutions and services provider that accelerates time-to-power for mission critical environments. With over 1.5 million square feet of U.S. manufacturing capacity, they support data centers, healthcare, and industrial facilities.
Consult onsite and remotely with customers to collect and analyze data related to policies, infrastructure, and compliance requirements.
Perform gap analyses of current environments and recommend remediation steps.
Assist with sales and marketing activities as a subject matter expert and prepare industry presentations.
CampusGuard provides information security and privacy consulting and compliance services for campus-based organizations. It is a full-service firm leveraging industry standards to deliver world-class security and compliance services.
Lead formal CMMC Level 2 assessments for defense industrial base organizations pursuing certification.
Manage and mentor assessment teams, evaluate evidence against NIST SP 800-171 practices, and produce defensible findings.
Serve as the primary client point of contact, plan scope, and make final certification outcome decisions.
Sentinel Blue is a cybersecurity company focused on bringing enterprise-class cybersecurity to small and medium businesses. They are a young, fast-paced company that operates fully remote, constantly learning and pushing the envelope.
Design, deploy, and maintain secure cloud environments in AWS and Azure with compliance to DoD frameworks.
Configure IAM, RBAC, and cloud networking like VPC peering and VPNs for secure operations.
Support Infrastructure-as-Code using Terraform, CloudFormation, and optimize cloud resources for cost and security.
Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. They deliver tailored solutions and trusted results to enable national security missions worldwide.