Jobs · Information Technology · Virginia

ISM Security Specialist (ATO / IATT Focus) with Security Clearance

D9Tech Resources LLC · Alexandria, VA · 1 mo ago
Information TechnologyFull-time

Overview

We are seeking a hands-on Information System Security Manager (ISM/ISSO) with deep experience guiding systems through the IATT and ATO lifecycle. This is a documentation-heavy, stakeholder-facing authorization role supporting federal and Department of Defense missions. The right candidate has lived inside the RMF process from initiation through authorization, knows the artifacts cold, and can keep a system audit-ready long after the ATO is granted.

What You'll Do

  • Lead and support ATO and IATT processes from initiation through authorization.
  • Develop and maintain RMF documentation, including the SSP, POA&M, SAR, and supporting body-of-evidence artifacts.
  • Partner with system owners, engineers, and assessors to ensure compliance with federal security frameworks (NIST 800-53, FedRAMP, DoD RMF).
  • Work day to day in eMASS, XACTA, or comparable assessment and authorization tooling.
  • Drive continuous monitoring and sustain audit readiness across the authorization boundary.
  • Communicate clearly across cross-functional teams, translating control requirements into actionable work.

Required Qualifications

  • Active TS/SCI clearance.
  • 5+ years of hands-on experience supporting ATO, IATT, and RMF in federal or DoD environments.
  • Demonstrated experience authoring and maintaining RMF documentation (SSP, POA&M, SAR, and related artifacts).
  • Working knowledge of NIST 800-53, FedRAMP, and DoD RMF.
  • Hands-on experience with eMASS, XACTA, or a comparable A&A platform.
  • Ability to work a hybrid schedule with in-person presence in Alexandria, VA approximately 2-3 days per week.
  • Strong written and verbal communication, with the ability to work effectively in cross-functional teams.

Preferred Qualifications

  • DoD 8570/8140 certification (Security+, CISSP, CISM, or CASP+/SecurityX).
  • Experience with continuous monitoring (ConMon) and recurring audit cycles.
  • Familiarity with DISA STIGs, ACAS/Nessus, or SCAP.
  • Exposure to cloud authorization boundaries across IL4 through IL6.

Work Model and Location

This is a hybrid role. The selected candidate must be able to work on-site in Alexandria, VA (DMV area) roughly 2-3 days per week, with the balance performed remotely. Candidates should be local to the DMV area or able to reliably commute to it.

Similar jobs