
DOJ - Sr. ATO SME

cFocus Software Incorporated, Washington, District of Columbia, US, 20022


cFocus Software seeks a Sr. ATO SME to join our program supporting the Department of Justice (DOJ). This position is remote. This position requires a Public Trust clearance.

Qualifications:

Active Public Trust clearance

7+ years of experience in IT Project Management in both Waterfall and Agile environments.

7+ years of experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems.

7+ years of experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.

7+ years of IT Security experience with extensive knowledge of security regulations and security assessments, having developed numerous security A&A and ATO on a range of systems, including classified systems.

Strong working knowledge of NIST Special Publications, NIST 800-53 for security control selection and NIST SP 800-37 SA using JCAM system is preferred.

Minimum of one of the following certifications:

CISA, CRISC, CISSP, CAP

Duties:

Serves as senior technical practitioner executing RMF tasks and supporting Lead ATO SME decision-making.

Executes assigned RMF activities and provides technical input and recommendations to the Lead.

Participates in stakeholder meetings and supports AO and SCOP interactions as directed by the Lead.

Performs system preparation activities (asset identification, boundary support, risk inputs, JCAM entries).

Performs data entry, validation, and updates within JCAM.

Develops system descriptions, performs CIA impact analysis, and prepares categorization documentation.

Supports IPAs, PIAs, and privacy documentation development.

Selects baseline controls, supports control mapping, and documents control selections in JCAM.

Documents control tailoring rationale and updates SSPP artifacts.

Supports development and maintenance of ISCM plans and artifacts.

Documents implemented controls, updates SSPP, and supports compensating control documentation.

Supports documentation and validation of automated control implementations.

Executes or supports control assessments and develops assessment evidence.

Drafts SARs, updates JCAM assessment artifacts, and supports evidence collection.

Develops, updates, and tracks POA&M.

Assembles authorization artifacts and supports risk analysis documentation.

Supports risk analysis documentation and threat matrix development.

Executes ongoing control assessments and updates RMF artifacts.

Conducts security impact analyses and updates SSPP/SAR/POA&M.

Supports preparation of security posture and status reports.

Develops system disposal documentation and supports retirement activities.

Develops and updates MOUs, ISAs, Incident Response Plans, CPs, and CMPs.

Supports review of FedRAMP packages and cloud control inheritance documentation.

Ensures assigned deliverables are accurate, complete, and timely.

May mentor junior staff and analysts.
