Senior A&A Risk Management Framework (RMF) Specialist - TS/SCI with Security Clearance

---

Job description

Security Control Assessor Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Our vision of cybersecurity as a holistic, ongoing journey enables us to offer solutions that effectively mitigate risks and address vulnerabilities within any enterprise. As the cyber landscape continuously evolves, so do we, ensuring our services not only meet but exceed the ever-changing needs of our mission-critical clients. From compliance assessments and vulnerability analysis to comprehensive information system security management, Apavo's suite of services is designed to protect and serve the most sensitive and significant sectors of our society. Joining the Apavo team means becoming part of a company rooted in the principles of integrity, quality, and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members. If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive, dynamic environment, Apavo is the place for you. Roles and Responsibilities Support to the Assessment and Authorization (A&A) Risk Management Framework process for all client managed systems, networks, and enclaves (all security domains); ensure validity and accuracy review of all associated documentation; support remote sites when required Assist in the centralization of A&A files/documentation and maintain files/library; ensure the validity and integrity of all systems Create, update, and delete entries in databases utilized for the tracking of system and network compliance Ensure that all IA systems are properly documented with Configuration Management processes maintain the security accreditation status of systems/sites including the review of current documentation, site architectures and coordination with sites to ensure the documentation is accurate with the current site architecture, IAW Policy and processes Perform, participate and support all assessment and authorization (A&A) efforts for systems, networks, and applications (all security domains) IAW DoD and IC requirements Provide coordination for assessment metric submissions Provide direct support in the development of other A&A related systems bodies of evidence in accordance with current NIST, ICD, DIAD guidance, using the government provide A&A tool (i.e. XACTA) Provide security engineering assessments of proposed IT solutions Work in coordination with both internal and external systems administrators, configuration management, and network engineers to ensure proper configuration and adherence to security standards in regard to deployment actions Serve as Security Controls Assessors for formal Security Test and Evaluation, Conduct of Security Certifications of (DoDIIS) systems/networks/sites assessing security control compliance, providing guidance regarding remediation and mitigation of identified vulnerabilities Provide guidance on the application of security policy, identifying security requirements, providing technical guidance for the satisfaction of requirements, reviewing and determining the adequacy of required documentation Development of all supporting test reports and supporting artifacts and plan and action of milestones (POA&Ms) documenting open findings, preparation of formal authorization packages and oversight of the resolution of POA&Ms and development and maintenance of assessment and authorization enterprise schedules and metrics Provide support for management and maintenance of assessment and authorization repositories Perform security assessments at remote sites with collateral (includes, but not limited to, NIPR/SIPR) and/or TS/SCI AIS under the client's purview This is an on-site role. Required Qualifications Experience: 10 years' experience, or the equivalent combination of education, professional training and work experience. Education: Bachelor's Degree in Computer Science or a related technical discipline. Certifications: Must possess current DOD 8570 IAT III. Clearance: Must currently possess an active TS/SCI with the ability to obtain and maintain a CI polygraph.

<!– job description page –>