Hybrid | 2-3 days on-site in Washington D.C. 

Current TS/SCI required

Summary

The Cyber Security Subject Matter Expert (SME) will play a key role in ensuring the security and compliance of enterprise production applications within a cloud-based environment. The SME will work closely with the Development, Cloud, and DevSecOps teams, as well as the Information System Security Officer (ISSO), Information System Security Manager (ISSM), and Security Control Assessor (SCA), to support the full lifecycle of system authorization activities—including achieving and maintaining Authority to Operate (ATO) or Authority to Connect (ATC). The ideal candidate will provide expert guidance on cybersecurity architecture, coordinate CONOPS and design reviews, drive remediation of security findings, and develop cybersecurity standards and frameworks across the program—rooted in Zero Trust principles.

Responsibilities

• ATO/ATC Support:
  Lead and coordinate efforts to obtain and maintain ATO/ATC for production systems, ensuring compliance with applicable security frameworks.
• Collaboration Across Teams:
  Partner with Development, Cloud, and DevSecOps teams to integrate security throughout the SDLC and CI/CD pipelines, ensuring secure-by-design implementations.
• Architecture & CONOPS Coordination:
  Review and contribute to system architectures, data flows, and Concept of Operations (CONOPS) documents to ensure alignment with Zero Trust principles and organizational security policies.
• Security Findings Management:
  Support and track the remediation of vulnerabilities and deficiencies identified through scans, assessments, and audits; create and manage Plans of Action & Milestones (POA&Ms) as required.
• Cybersecurity Standards Development:
  Develop and maintain enterprise cybersecurity standards, guidelines, and best practices to ensure consistent implementation of security controls across all program systems.
• Continuous Monitoring:
  Support ongoing assessment and authorization (A&A) activities, including risk assessments, configuration management, and continuous monitoring reporting.
• Zero Trust Implementation:
  Guide teams in applying Zero Trust Architecture (ZTA) principles—identity-centric access control, micro-segmentation, least privilege, and continuous validation—to all system designs and processes.

Requirements

• 5+ years of progressive experience in cybersecurity, with at least 3 years supporting federal ATO/ATC processes.

• In-depth knowledge of NIST RMF, FedRAMP, and Zero Trust Architecture frameworks.

• Experience collaborating with ISSOs, ISSMs, SCAs, and engineering teams.

• Familiarity with AWS cloud environments and DevSecOps pipelines.

• Strong technical understanding of network security, IAM, encryption, and vulnerability management.

• Excellent communication and coordination skills.

Preferred Qualifications

• CISSP, CISM, CAP, or equivalent cybersecurity certification.
• Experience with containerized applications, infrastructure as code (IaC), and continuous compliance tools.

Clearance Requirements

• Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Must have a current TS/SCI
  

Education/Certification Requirements

• A Bachelor's degree in Computer Science, Information Systems, or a related field is required for this position