As a Cyber Security Engineer (Cloud/ATO Steward) you will work with system owners to create their ATO packages. Review and create artifacts that comply with the VA’s authorization requirements, and compliance and map those artifacts to the appropriate NIST 800-53 controls such as Assessment Procedures (AP) testing and evaluation. Review and help to write control implementation statements. Work with system teams to review, update, and create their POAMs and help system teams to navigate the Enterprise Mission Assurance Support System (eMASS) GRC tool. Provide guidance and support to system teams throughout every step of the RMF process and eMASS workflow. This position is open to remote delivery anywhere within the U.S., including the District of Columbia.
- Must have experience with eMASS
- Experience with supporting system Authority to Operate (ATO) processes, Artifact Development processes, Security Control implementation details, and Plan Of Action & Milestones (POA&M)
- Experience with leading and managing cyber teams
- Experience with client management and engagement
- Knowledge of the Risk Management Framework (RMF) and NIST 800-53 Rev. 4
- Ability to facilitate meetings
- Ability to analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, coordinate directly with system team stakeholders, and implement work activities in accordance with established Standard Operating Procedures (SOPs)
- Ability to work independently and in teams
- Ability to work core business hours of 8 AM to 5 PM (EST), Monday through Friday
- Experience with ATO requirements, artifact orchestration, and review experience
- Experience with POAM Lifecycle management
- Experience with the Security Technical Implementation Guide (STIG) Viewer
- Experience with federal IT and Cloud security policies
- Knowledge of the system security scanner Tenable and or Nessus
- Knowledge of information technology concepts, cloud computing methodologies (PAAS, SAAS, IAAS), FedRAMP/AWS GovCloud, network/server topologies, and configurations
- Ability to articulate authorization requirements to varying degrees of staff/leadership
- CISSP or CISA or CAP or CISM or CRISC certification
To apply for consideration, please submit a comprehensive resume tailored to this job description. All work experience must include start and end dates (month and year). Education must cite school, degree, and year degree completed. Minimum required experience and education must be clearly illustrated in your resume. Offer to candidates is contingent upon successful background and clearance adjudication. Please submit your resume to firstname.lastname@example.org with the role title in the subject line.
Full-time W2 position, 100% remote, must be based in the U.S. and a U.S. Citizen. Full benefits include medical, dental, vision, STD, LTD, Life, PTO, and a 401k matching program. Compensation for this role is $95,000-$105,000/year.
Candidates who do not meet minimum requirements will not be considered.