Cybersecurity Assessment and Authorization SME
Amyx, Inc. · United States · 1 mo ago
RemoteRemoteManagementFull-time
About the role
Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
Responsibilities
- Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization.
- Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
- Run and Analyze system and software scans.
- Develop and track POA&Ms relative to scan findings.
- Coincide with DLA ISSMs on vulnerability management and continuous ATO management.
- Work with Operations and Developments teams to address security findings, apply STIGs and manage the IAVA process.
- Conduct review meetings for reported issues with stakeholders and move issues through process.
- Participate and support a SAFe agile release methodology with testers embedded in the Agile Release Train (ART).
- Have the ability to communicate accurate information daily.
- Have practical and working knowledge of all Microsoft Office applications.
- Have analytical and critical thinking skills.
- Have quality interpersonal skills.
- Have quality oral and written communication skills.
Requirements
Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes.
Qualifications
- Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience.
- DOD cybersecurity experience.
- Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
- Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes.
- Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures.
- DOD Secret Clearance and must possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3).
Skills
- OCI Certified.
- Experience with an Agile Framework.
- Experience with the Continuous ATO process and integration of those processes with an Agile Framework.
Benefits
- Medical, Dental, and Vision Plans (PPO & HSA options available).
- Flexible Spending Accounts (Health Care & Dependent Care FSA).
- Health Savings Account (HSA).
- 401(k) with matching contributions.
- Roth Qualified Transportation Expense with matching contributions.
- Short Term Disability.
- Long Term Disability.
- Life and Accidental Death & Dismemberment.
- Basic & Voluntary Life Insurance.
- Wellness Program.
- PTO.
- 11 Holidays.
- Professional Development Reimbursement.
Pay
$100-140k
Schedule
Remote