
DOJ - Lead ATO SME - Top Secret

Job in Washington, District of Columbia, 20022, USA
Listing for: cFocus Software Incorporated
Full Time position
Listed on 2026-01-31
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Job Description & How to Apply Below
Position: DOJ - Lead ATO SME - Top Secret Required

cFocus Software seeks a Lead ATO SME to join our program supporting the Department of Justice (DOJ). This position is on-site in Washington, DC. This position requires a Top-Secret clearance.

Qualifications
  • Active Top-Secret clearance
  • 10 years of experience in IT Project Management in both Waterfall and Agile environments.
  • 10 years of experience performing systems security assessments, preparing system security documentation, and/or performing security upgrades for live networks, desktop systems, servers, and enterprise databases leading to successful certification and accreditation or security authorization of such systems.
  • 10 years of experience assessing and enhancing IT systems security policies and procedures in response to the regulatory requirements associated with Federal and International standards.
  • 10 years of IT Security experience with extensive knowledge in security regulations and security assessments having developed numerous security A&A and ATO on a range of systems including classified systems.
  • Strong working knowledge of NIST Special Publications, NIST 800-53 for security control selection and NIST SP 800-37 SA using the JCAM system is preferred.
  • Minimum of two of the following certifications:
    • CISA, CRISC, CISM, CGEIT, CISSP, CAP
Duties
  • Ensure all deliverables meet DOJ quality, completeness, and acceptance standards.
  • Provide mentorship and technical guidance to Senior ATO SMEs and supporting engineers.
  • Ensure compliance with classified and Controlled Unclassified Information (CUI) handling requirements.
  • Support audits, inspections, and government reviews as required.
  • Serve as the technical lead for end-to-end Risk Management Framework (RMF) execution supporting Authority to Test (ATT), Authority to Operate (ATO), and Continuous Monitoring (ConMon).
  • Provide technical direction, quality assurance, and subject-matter leadership across all RMF phases in accordance with NIST SP 800-37, NIST SP 800-53, DOJ Cybersecurity Standards, and DOJ Security and Privacy Assessment and Authorization Handbook.
  • Act as the primary technical interface between the contractor team, Authorizing Officials (AO), Senior Agency Officials for Privacy (SCOP), COR, and system stakeholders.
  • Lead system preparation activities, including mission and business process identification, stakeholder identification, and asset inventory.
  • Define system authorization boundaries and operational environments.
  • Ensure system registration and documentation within the Joint Cybersecurity Assessment and Management (JCAM) system.
  • Conduct and maintain system-level risk assessments and ensure security and privacy requirements are defined and allocated appropriately.
  • Oversee development and validation of system descriptions, boundaries, and characteristics.
  • Lead security categorization activities in accordance with FIPS 199 and DOJ requirements, including confidentiality, integrity, and availability impact analyses.
  • Ensure identification and documentation of Personally Identifiable Information (PII) and coordination of Initial Privacy Assessments (IPA).
  • Coordinate categorization reviews and approvals with the AO and SCOP and ensure final concurrence is documented in JCAM.
  • Lead selection of baseline security and privacy controls using DOJ Cybersecurity Standard 0904 and NIST SP 800-53.
  • Oversee control tailoring, scoping, and allocation decisions based on mission, risk tolerance, system architecture, and operational environment.
  • Ensure justification for tailored controls is properly documented in the System Security and Privacy Plan (SSPP).
  • Direct development and approval of the Information Security Continuous Monitoring (ISCM) Plan.
  • Ensure SSPP and Requirements Traceability Matrix (RTM) are generated, reviewed, approved, and uploaded into JCAM.
  • Provide technical oversight for implementation of system, hybrid, and common security and privacy controls.
  • Ensure controls are implemented in accordance with DOJ standards and minimum assurance requirements.
  • Review and approve use of compensating controls and associated POA&Ms, ensuring AO and SCOP concurrence when required.
  • Ensure system documentation (SSPP, Incident Response Plan, Contingency Plan, Configuration…