Serves as a Cybersecurity Subject Matter Expert (SME) with regard to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. Possesses an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes. Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization. Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
RESPONSIBILITIES
Serve as the primary A&A cybersecurity SME, guiding assessment and authorization of Legacy AMPS systems.
Perform Risk Management Framework (RMF) assessments in accordance with NIST 800-53/800-37 guidelines.
Assess, evaluate, and document security controls for complex enterprise IT systems, including provisioning, SSO, and PAM environments.
Conduct Authorization Reviews for existing and new systems; determine impact of vulnerabilities and provide mitigation recommendations.
Coordinate with government stakeholders and PMO to ensure compliance with all applicable DoD cybersecurity policies, procedures, and regulations.
Prepare and deliver technical reports, briefing materials, and evidence for audit and security compliance reviews.
Monitor and maintain security posture of systems in development, test, and production environments, including Cloud and on-premises infrastructure.
Leverage AI/ML tools as appropriate to automate assessment tasks and identify potential security gaps.
Provide guidance on emerging cybersecurity technologies, cloud security, and identity governance within the DLA environment.
REQUIRED SKILLS & QUALIFICATIONS
Must hold Active Secret Clearance
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or related field.
Minimum 5+ years of relevant experience in RMF and NIST A&A assessments.
Strong knowledge of DoD/Federal cybersecurity policies and regulations.
Experience with Identity & Access Management (IAM) systems, Oracle Identity Manager, and SSO solutions.
Familiarity with Privileged Access Management (PAM) tools (e.g., CyberArk).
Hands-on experience assessing cloud (OCI, FedRAMP IL5) and on-prem systems.
Knowledge of vulnerability assessment, patch management, and security compliance auditing.
Excellent communication, documentation, and presentation skills; ability to liaise with government personnel and PMO staff.
If you are interested in getting more information about this opportunity, please contact Irina Rozenberg at Recruiting@arielpartners.com at your earliest convenience.
At Ariel Partners, we solve the most difficult problems that inhibit technology from enabling our customers to achieve their goals. Our vision is to be recognized by our stakeholders as an elite provider of IT solutions, so when they have their biggest challenges, we are on their short list. We are looking for team members who share our values of: Integrity to do the right thing even when it hurts; Commitment to the long-term success and happiness of our customers, our people, and our partners; Courage to take on difficult challenges, accept new ideas, and accept incremental failure; and the constant pursuit of Excellence. Ariel Partners is an Equal Opportunity Employer in accordance with federal, state, and local laws.