Source Job

• Serve as the primary cybersecurity point of contact for assigned DoD Information Systems.
• Collaborate with stakeholders to ensure system compliance and readiness.
• Develop, maintain, and update all RMF authorization and GRC documentation.

LMI is a digital solutions provider dedicated to accelerating government impact with innovation. Investing in technology and prototypes ahead of need, it brings commercial-grade platforms and mission-ready AI to federal agencies at commercial speed, employing agile methodology and collaboration.

• Develops and refines performance methodologies that support the cybersecurity requirements.
• Oversee independent assessments and review Security Impact Analyses (SIA).
• Incorporate compliance data into the Governance, Risk, and Compliance Tool (GRCT).

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. It is an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development.

• Manage and develop staff members under Product Compliance.
• Oversee and contribute to the vulnerability management lifecycle.
• Assess and serve as a subject matter expert for regulatory and compliance requirements.

ExtraHop is a company that focuses on network detection and response (NDR) to help organizations stay ahead of emerging threats. They integrate network threat detection, network performance management, intrusion detection, and packet forensics into a single console.

• Manage certification frameworks, including CMMC, NIST, and SOC 2.
• Develop, track, and maintain security and compliance policy documents.
• Analyze and review system configurations for security vulnerabilities.

Rubris Inc. provides transformational legal technology and solutions for complex business and legal processes in the mass tort industry. They streamline and automate processes to improve efficiency while delivering unprecedented insights and analytics.

• Lead the end-to-end Certification & Authorization (C&A) process for information systems.
• Maintain and update System Security Plans (SSPs), POA&Ms, and other FedRAMP/GovRAMP/NIST documentation artifacts.
• Oversee control gap analysis and drive remediation efforts across technical and administrative domains.

EBSCO Information Services (EBSCO) delivers a fully optimized research experience, seamlessly integrated with a powerful discovery platform to support the information needs of our end-users. Headquartered in Ipswich, MA, EBSCO employs more than 2,700 people worldwide, with most embracing hybrid or remote work models.

• Support ongoing FedRAMP authorization including SSP, POA&M, evidence, and 3PAO coordination.
• Manage and oversee NIST SP 800-53 compliance.
• Oversee continuous monitoring, vulnerabilities, incidents.

IFS is a billion-dollar revenue company with 7000+ employees on all continents. Their leading AI technology is the backbone of their award-winning enterprise software solutions, enabling customers to be their best when it really matters–at the Moment of Service™.

• Support the development, implementation, and maintenance of IT compliance policies, standards, procedures, and controls.
• Coordinate and support internal and external audits, including preparation of documentation, evidence collection, and remediation tracking.
• Perform periodic compliance assessments, gap analyses, and risk assessments against applicable frameworks and standards.

Xcelerate Solutions, founded in 2009 and located in McLean, VA, is a fast-growing company. The company is defined by a diversified workforce of dynamic and versatile professionals, with growth and development opportunities that contribute to individual and firm growth.

• Support security assessment activities and provide security assurance and governance for Deutsche Telekom projects related to Container-as-a-Service platforms.
• Work closely with international project teams, architects, and stakeholders to ensure solutions meet Deutsche Telekom security requirements.
• Define and review security best practices on Kubernetes to ensure compliance with security requirements.

Deutsche Telekom IT Solutions, a subsidiary of the Deutsche Telekom Group, was Hungary’s most attractive employer in 2025, according to Randstad’s representative survey. The company provides a wide portfolio of IT and telecommunications services with more than 5300 employees.

• Own end-to-end operational delivery for Keeper’s U.S. Federal deployments.
• Serve as a hands-on technical lead for federal platform operations.
• Lead cross-functional execution to align Engineering, Security, Product, QA, and Customer Success.

Keeper Security transforms cybersecurity for organizations globally with zero-trust privileged access management. Keeper’s intuitive solutions are built with end-to-end encryption and trusted by federal agencies including the Departments of Justice and Energy.

• Organize and direct the configuration, operation, and maintenance of information management systems.
• Analyze and resolve end-user software, application, and connectivity issues.
• Conduct capacity and performance analysis and recommend system configuration changes and upgrades.

CompTech is a service-oriented program management and technical company working to build lasting relationships. They are headquartered in Dayton, OH and provide services in client-focused practice areas to small and large companies, municipalities, and Government agencies.

• Independently manages day-to-day security operations, including threat monitoring and incident triage.
• Conducts systematic reviews of system logs and security alerts to uncover root causes.
• Owns the execution of recurring compliance tasks and audits, ensuring workflows meet data protection and regulatory requirements.

Garner Health aims to transform the healthcare economy by delivering high-quality and affordable care. They partner with employers to redesign healthcare benefits using incentives and data-driven insights, guiding employees to better care at lower costs. They are one of the fastest-growing healthcare technology companies.

• Lead the technical design, implementation, and ongoing security operations of a Microsoft 365 GCC High environment supporting Controlled Unclassified Information (CUI).
• Implement and evidence compliance with CMMC Level 2, DFARS 7012, and NIST 800-171 controls.
• Act as the technical owner of the GCC High enclave, partnering with Security, Legal, and IT to ensure audit readiness and successful certification by May 2026.

ServiceNow, founded in 2004, is a global market leader providing AI-enhanced technology to over 8,100 customers, including 85% of the Fortune 500. They offer an intelligent cloud-based platform that connects people, systems, and processes to empower organizations to find smarter, faster, and better ways to work.

• Provide SA/OSA subject matter expertise to the Information System Security and Authorization program.
• Review ATO packages under the RMF for customer systems and the systems of the external partners.
• Coordinate and assist with data calls and data collection efforts for audit and compliance reporting.

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. With operations across the U.S., they deliver innovative enterprise-wide solutions and targeted services to federal government clients. They value their people and systems to create value for their clients and foster a collaborative team culture.

• Support CMMC implementation efforts
• Conduct gap assessments against CMMC/NIST SP 800-171 requirements
• Assist with the development and updates to the System Security Plan (SSP) and POA&M

Broadway Ventures transforms challenges into opportunities with expert program management, cutting-edge technology, and innovative consulting solutions. As an 8(a), HUBZone, and Service-Disabled Veteran-Owned Small Business (SDVOSB), they empower government and private sector clients by delivering tailored solutions that drive operational success, sustainability, and growth.

• Ensure accuracy and consistency with compliance mandates and supporting documentation standards.
• Develop and present data visualization solutions using PowerBI and Power Automate to provide to senior leadership.
• Ensure that documentation, policy guidance, and reporting comply with federal standards (e.g., NIST, DHS, and OCIO) and support the ATO, SSA, and OSA processes.

SkyePoint Decisions is a Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider. They focus on enabling their clients to deliver their mission most efficiently and effectively. They are an established ISO 9001:2015 and ISO/IEC 27001:2013 certified small business and appraised at CMMI Level 3 for Services and Development with a collaborative team culture built upon individual performance and accountability.

• Conduct structured interviews with partner organizations, operational teams, and technical stakeholders.
• Documents end‑to‑end operational workflows and surface implicit, non‑documented practices.
• Identify workflow fragility zones, handoff risks, and transition‑period vulnerabilities.

Element serves as a partner at the intersection of innovation and our clients' needs, efficiently crafting meaningful user experiences for government and commercial customers. Our talented professionals bring unparalleled energy engagement, setting a higher standard for impactful work.

• Own and lead the FedRAMP High authorization program.
• Serve as the primary point of accountability for government compliance programs.
• Manage compliance roadmaps, milestones, dependencies, risks, and remediation efforts.

Commvault is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.

• Own the strategy and execution for the Cloudflare ecosystem to secure the network edge.
• Lead the design of security controls within Google Cloud Platform, specifically for Vertex AI, BigQuery, VPC Service Controls, IAM, and Security Command Center.
• Embed security into CI/CD pipelines (Cloud Build, GitHub Actions) using Infrastructure as Code (Terraform).

Kareo and PatientPop joined forces to become Tebra, the digital backbone for practice well-being, helping independent practices bring modernized care to patients everywhere. Well over 100,000 providers trust them to elevate their patient experience and grow their practice.

• Serves as a cybersecurity Subject Matter Expert (SME) regarding OT Authorization of information systems and all associated cybersecurity policies and procedures.
• Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
• Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control), and determines the possible ramifications on the system’s current or future authorization.

Amyx is an equal-opportunity employer and a VEVRAA federal contractor. They are committed to considering all qualified candidates regardless of race, color, religion, national origin, age, disability, sexual orientation, gender identity, status as a protected veteran, or any other characteristic protected by law.

• Own the organization's security posture.
• Own our SOC 2 Type 2 and HIPAA compliance programs.
• Own IT operations end-to-end, from onboarding to offboarding.

Counterpart helps small businesses do more with less risk. They pair leading insurance experts with cutting-edge technology to empower small business owners to grow with confidence.