Job Description
Enterprise Solutions and Management (ESM) is a rapidly growing government contractor that provides strategic IT services that meet mission needs for Defense and Federal customers. We are hiring a Senior ATO/A&A Subject Matter Expert to support an enterprise-level program within a federal environment.
Job Description and Responsibilities
- Leads the analysis of weekly Assured Compliance Assessment Solution (ACAS) scan reports to identify and prioritize application-level vulnerabilities, and drives remediation of Security Technical Implementation Guide (STIG) and ACAS findings by working directly with the technical team.
- Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for all open findings that cannot be immediately remediated.
- Implements and manages the continuous monitoring strategy, including tailoring, collecting, and reporting on all applicable Risk Management Framework (RMF) controls, and provides formal risk management status reports to the government.
- Serves as the primary cybersecurity liaison, coordinating with the Information System Security Manager (ISSM) and other stakeholders to review security policies and ensure cybersecurity is integrated throughout the program lifecycle.
- Ensures Ports, Protocols, and Services Management (PPSM) documentation is accurately maintained and updated.
- Conducts objective evaluations of system compliance against applicable security controls, standards, and procedures, and reports all noncompliance findings to the government.
- Applies extensive knowledge of security regulations and security assessments, including the development of numerous Assessment and Authorization (A&A) packages and Authorizations to Operate (ATOs) for a variety of systems, including classified environments.
- Demonstrates strong working knowledge of NIST Special Publications, including NIST SP 800-53 for security control selection and NIST SP 800-37 for the RMF process; experience using the JCAM system is preferred.
Required Knowledge, Skills and Abilities (KSA)
- Leads analysis of ACAS scan reports to identify, prioritize, and track application-level vulnerabilities, and coordinates remediation of STIG and ACAS findings with technical teams.
- Creates, documents, and manages Plans of Action and Milestones (POA&Ms) in eMASS for security findings that cannot be immediately remediated.
- Implements and maintains a continuous monitoring strategy under the Risk Management Framework (RMF), including control tailoring, assessment, tracking, and formal risk reporting to stakeholders.
- Serves as primary cybersecurity liaison, coordinating with the ISSM and other stakeholders to integrate cybersecurity requirements and security policy compliance throughout the system lifecycle.
- Conducts system compliance assessments and supports A&A/ATO activities, ensuring adherence to NIST SP 800-53 and NIST SP 800-37, and maintains PPSM documentation while reporting noncompliance findings.
Desired KSA
- Positive, self-motivated, and proactive, with the ability to adapt to change and tolerate stressful situations
- Communicates effectively with team members, team lead, management, and the government customer
- Able and willing to research and develop creative solutions to unique problems with minimal supervision
Minimum Training, Education, and Certifications
- Bachelor's degree in Cybersecurity, Information Assurance, Information Systems, Information Technology, or related field
- Seven (7) years of experience supporting cybersecurity compliance, ISSO functions, information assurance, governance/risk/compliance (GRC), or related security activities.
Minimum Clearance
- Public Trust
Physical Requirements
- Required to stand, walk and sit; communicate verbally both in person and by telephone; use hands to finger, handle or feel objects or controls; reach with hands and arms. Regularly required to stoop, kneel, bend, crouch and lift up to 25 pounds. Specific vision abilities required by this job include close vision, distance vision, depth perception, color vision and the ability to adjust focus.
- Physical demands associated with this position include extensive walking (including stairs) throughout offices and between buildings. May require use of public transportation, personal or Government vehicle to drive to local and/or remote office locations.
Additional Requirements
- Other duties as assigned
ESM provides equal employment opportunity to all individuals regardless of race, color, creed, religion, gender, age, sexual orientation, national origin or ancestry, disability, genetic information, veteran status, gender identification or any other characteristic protected by state, federal or local law.