Senior IT Security A&A Specialist
OCT Consulting LLC
CloudCyber Security
Cybersecurity Specialist
ARETUM
full-time
Posted on:
Origin: • 🇺🇸 United States • District of Columbia, Washington
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
Cloud
About the role
- Lead authorship of the System Security Plan (SSP) from first draft to approval, written in clear, testable language that supports an ATO decision
- Perform security categorization under FIPS 199 and derive baseline requirements from FIPS 200 and NIST SP 800-53 Rev 5 with appropriate tailoring
- Build a complete and coherent authorization package that explains the system boundary, users, data types and flows, risks, and how controls are met
- Translate technical inputs into specific control narratives that can be verified by assessors and traced to actual configurations
- Collect, verify, and index evidence for every control, linking statements to diagrams, configurations, tickets, and scan results
- Record, organize, and quality-check all artifacts in CSAM with consistent naming, metadata, and cross-references ready for audit
- Keep documentation current as the system changes by capturing deltas promptly and updating only the affected sections
- Plan and run readiness reviews before assessments, close gaps, and prepare concise responses to findings
- Manage POA&M items through closure with clear actions, owners, and target dates
- Create and maintain templates and checklists that reduce review time and improve consistency across systems
- Coordinate with the ISSO, assessors, the Authorizing Official, engineers, and vendors to keep schedules and deliverables on track
- When cloud services are used, align with applicable FedRAMP baselines and document inherited controls clearly
- Communicate risks and decisions in straightforward terms so leadership can approve with confidence and reviewers can verify quickly
- Support proposal efforts as needed, including resume formatting, skills alignment summaries, participation in meetings, and contributing subject matter expertise
- Handle Controlled Unclassified Information (CUI) and adhere to applicable safeguarding and compliance requirements
Requirements
- 3 years of experience supporting federal government compliance
- Demonstrated experience producing federal FISMA RMF authorization documentation that resulted in an ATO or successful assessments
- Strong track record authoring SSP and POA&M with precise control statements and accurate mapping to evidence
- Working knowledge of NIST SP 800-37, NIST SP 800-53 Rev 5, NIST SP 800-53A, NIST SP 800-18, NIST SP 800-30, FIPS 199, and FIPS 200
- Ability to elicit engineering details and turn them into assessor-ready narratives with clear boundaries and data flows
- Hands-on experience managing authorization packages in CSAM with disciplined organization and traceability
- Familiarity with common assessment evidence and scanner outputs and how they map to NIST 800-53 controls and POA&M entries
- Clear, concise writing, strong attention to detail, version control discipline, and the ability to drive edits and approvals across teams
- Willing to commute to Washington, D.C. 4 days a week
- Eligible to obtain a Public Trust
- Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis (no sponsorship)
Similar jobs on JobTailor
Security Expert III, ISSM
Shee Atiká
CloudCyber SecurityiOSJavaScriptSDLC
Cloud Cybersecurity Artifact Collector
CACI International Inc
AWSAzureCloudCyber Security
FedRAMP Cybersecurity Analyst, Junior
Motorola Solutions
CloudCyber SecurityPython
RMF Security Engineer
Powder River Industries
CloudCyber SecurityJavaScript