
Sr. Information Assurance Specialist

Job in Bethlehem, Northampton County, Pennsylvania, 18020, USA
Listing for: NR Labs LLC
Seasonal/Temporary position
Listed on 2026-06-06
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

The candidate will serve as a senior Information Assurance Specialist responsible for leading Risk Management Framework (RMF) execution, Authority to Operate (ATO) management, and Information Assurance governance across a federal cybersecurity modernization program. They will plan and lead major IA work assignments across a multi-cloud General Support System (GSS) spanning AWS GovCloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration, functioning as the technical authority across multiple project lines and supervising junior IA personnel.

The ideal candidate will champion the program's transition from manual, document-driven compliance to engineering-driven Governance, Risk, and Compliance (GRC). They will own the strategy and quality of System Security Plans, Security Assessment Reports, POA&Ms, and ATO packages, and partner with automation engineers to translate security requirements into machine-readable code aligned with DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIGs.

They will interface directly with Authorizing Officials (AOs), Information System Security Managers (ISSMs), and agency leadership on IA strategy, ATO posture, and risk acceptance decisions, ensuring continuous monitoring outputs from AWS Security Hub, Microsoft Defender for Cloud, and GCP Security Command Center are correlated, prioritized, and remediated in accordance with agency risk tolerance.

Role Responsibilities
  • Lead the identification and assessment of security risks, threats, and vulnerabilities across agency networks, systems, applications, and emerging technology initiatives.
  • Direct the development, testing, and operation of enterprise security tooling — including firewalls, intrusion detection systems, anti-virus platforms, and software deployment systems — across cloud and legacy environments.
  • Plan and lead RMF authorization efforts: own the strategy and quality of System Security Plans, Security Assessment Reports, POA&Ms, and ATO packages.
  • Function as the technical expert across multiple project assignments, evaluating performance results and recommending changes affecting short-term project growth and long-term IA posture.
  • Translate agency security requirements into automated, version-controlled compliance checks aligned with DoDI 8510.01 (RMF), NIST SP 800-53, and DISA STIGs, partnering with automation engineers on Policy-as-Code (PaC) implementation.
  • Oversee continuous monitoring outputs from AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved services; ensure findings are correlated, prioritized, and remediated in accordance with agency risk tolerance.
  • Apply current IA policy, tactics, techniques, and doctrine to agency reporting requirements; support the development and implementation of IA doctrine and policies.
  • Interface with Authorizing Officials, ISSMs, and agency leadership on IA strategy, ATO posture, and risk acceptance decisions.
  • Mentor and supervise junior IA personnel; contribute to governance meetings, stakeholder workshops, and workforce training that sustain enterprise adoption of automated controls and achieve cross-training of at least 90% of the agency GRC team within 12 months.
Required Education & Qualifications
  • Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or equivalent.
  • Ten (10) years of general Information Assurance or cybersecurity experience.
  • Demonstrated experience leading RMF authorization activities and ATO efforts in DoD or federal environments.
  • Comprehensive knowledge of NIST SP 800-53, NIST RMF, DoDI 8510.01, DISA STIGs, and DoD-approved cloud security baselines.
  • Experience supervising junior IA staff and serving as a technical authority across concurrent project lines.
  • Experience interfacing with Authorizing Officials, ISSMs, and senior government stakeholders on risk and ATO decisions.
  • Experience producing high-quality, technically accurate IA artifacts that support enterprise security and privacy objectives.
Desired Skills
  • DoD 8570 / 8140 IAM Level II or higher baseline certification (CISSP, CISM, CASP+, or equivalent).
  • Experience supporting Authorizations to Operate for cloud and hybrid environments using NIST RMF and DoD-specific baselines.
  • Experience implementing Policy-as-Code (PaC) frameworks to automate control enforcement, compliance validation, and security evidence collection.
  • Familiarity with multi-cloud architectures spanning AWS GovCloud, Azure Government, and Google Cloud Platform.
  • Familiarity with Open Security Controls Assessment Language (OSCAL) and machine-readable representation of control catalogs and assessment results.
  • Experience introducing automation, engineering practices, and innovation into GRC programs to improve efficiency and reduce manual work.
Clearance and Location Requirements
  • Active U.S. Security Clearance is required.
  • This hybrid role requires onsite work at a Department of Defense (DoD) facility.