A&A Technical Site Lead​/Deputy Project Manager

A&A Technical Site Lead / Deputy Project Manager

Job Category: Security Time Type: Full time Minimum Clearance Required to Start: Secret Employee Type: Regular Percentage of

Travel Required:

Up to 10%
Type of Travel: Continental US

As the Project Manager and Technical Lead, you will be responsible for the following:

• Serve as onsite Project Manager and representative of assigned department for meetings and efficiently lead internal resources to meet established milestones and targeted completion dates.
• Provide guidance, coaching and training to 10+ employees of assigned teams.

• Review security control package submissions from validator staff.
• Subject Matter Expert in the Risk Management Framework Steps 0 to 7.
• Demonstrate experience applying the Risk Management Framework (RMF) to cloud environments, including assessing and mitigating cloud‑specific risks.
• Provide the United States Coast Guard (USCG) with tailored documentation to support their security authorization.
• Plan and execute security control assessments for various information systems within the organization.
• Develop and maintain assessment procedures and methodologies aligned with NIST guidelines and other relevant frameworks.
• Analyze and evaluate the effectiveness of implemented security controls.
• Identify vulnerabilities, weaknesses, and potential risks in information systems and infrastructure.
• Prepare detailed Security Assessment Reports (SARs) documenting findings and recommendations.
• Collaborate with system owners, ISSOs, and other stakeholders throughout the assessment process.
• Verify the implementation of remediation actions and conduct follow‑up assessments as needed.
• Provide expert advice on the development and maintenance of System Security Plans (SSPs) and Plans of Action and Milestones (POA&Ms).
• Stay current with evolving cybersecurity threats, technologies, and best practices.
• Validate security control implementation and provide test results.
• Hands‑on experience in assessing RMF Step 4 and performing continuous monitoring.
• Examine security control weaknesses and determine if they are producing the desired intent.
• Deep understanding of Vulnerability Management practices.

Required:

• US Citizenship required and hold DOD Secret or higher clearance.
• Intimate understanding of NIST RMF implementation guidance.
• 10 plus years of cyber (Cloud, ISSM, ISSO), Networking and Systems Engineering.
• 5 plus years lead or management experience.
• Hands‑on experience with using eMASS or similar Information Assurance tools.
• Extensive knowledge of cloud environments such as Microsoft Azure and AWS.
• Well‑developed understanding of Federal Civilian or DHS Security Assessment and Authorization (SA&A) processes.
• In‑depth understanding of the relevance of NIST Security Controls and Control Implementation methodologies to the SA&A process.
• Experience analyzing vulnerability scans and STIG implementations.
• Can demonstrate understanding of critical documentation required in Security Authorization (SA) Packages.
• Ability to understand and support Privacy Compliance Activities to include the development of Privacy Impact Analysis (PIA), Privacy Threshold Analysis (PTA), and Statement of Record Notices (SORN).
• DoD 8570/8140 IAT III baseline certification (e.g., CISSP, CISM, CISA, CCNP Security)
• CSSP‑AU certification - must obtain within 60 days of employment.
• Knowledge/Familiarity with DoD 8500, DoD 8510, DHS 4300 A and B, NIST SP 800-18, 60, 70, 53, 53A, 137, IACS, CMRS, COAMS, JIMS, Swimlane, Governance, Risk, and Compliance, POA&M (i.e., Management, Assessment, etc.), ERS, FISMA, Knowledge Service, ACAS, Tanium, Power BI, Project/Program Management, TASKORD (i.e., FRAGO, CTO, etc.), and Data Calls (i.e., OIG Audit, etc.)

Desired:

• Well-developed understanding of Systems Development Lifecycle (SDLC) and ideally the DHS Systems Engineering Lifecycle (SELC) process as it relates to Security Assessment and Authorization (SA&A).
• Relevant DOD, DHS or .gov Cyber Security Information Assurance focused experience with specific current hands‑on experience researching, writing, and submitting complete A&A documentation packages for new system authorizations.
• Typically has a…