This position is listed on behalf of a partner company, which manages all applications and next steps. Our partner is looking for a Cybersecurity Assessment and Authorization Subject Matter Expert (SME) based in the United States.
This role is centered on ensuring the security and compliance of critical information systems through expert application of the Risk Management Framework (RMF) and Department of Defense cybersecurity standards. You will serve as a trusted advisor throughout the Assessment and Authorization (A&A) lifecycle, guiding systems through authorization processes while identifying, analyzing, and mitigating cybersecurity risks. The position requires close collaboration with technical teams and senior stakeholders to evaluate security controls, assess vulnerabilities, and determine system authorization readiness. You will provide expert-level insight into complex enterprise environments, including cloud and operational technologies, ensuring alignment with stringent federal security requirements. This is a high-impact role for cybersecurity professionals who thrive in regulated environments and excel at translating technical risk into actionable governance decisions.
Accountabilities:
- Serve as a cybersecurity SME supporting Assessment and Authorization (A&A) activities for DoD information systems.
- Execute Risk Management Framework (RMF) processes to support system authorization and compliance.
- Apply NIST SP 800-53 security controls throughout assessment and authorization activities.
- Evaluate cybersecurity risks, vulnerabilities, and control effectiveness across complex enterprise environments.
- Identify control deficiencies and assess their impact on system authorization status and risk posture.
- Develop remediation recommendations to improve cybersecurity compliance and risk mitigation.
- Brief senior leadership on RMF progress, authorization status, and cybersecurity risk findings.
- Ensure adherence to DoD cybersecurity policies, procedures, and regulatory requirements.
Requirements:
- Minimum of 5 years of experience in Risk Management Framework (RMF) and Assessment & Authorization (A&A) activities.
- Strong experience supporting Department of Defense cybersecurity environments and authorization processes.
- Proven ability to assess security controls and conduct authorization reviews for complex enterprise systems.
- Deep understanding of NIST SP 800-53 and federal cybersecurity compliance frameworks.
- Experience evaluating cybersecurity risks in environments including cloud, ICS, OT, and enterprise systems.
- Strong analytical skills with the ability to assess vulnerability severity and system impact.
- Experience communicating cybersecurity findings to technical and executive-level stakeholders.
- Eligibility for IT-II Non-Critical Sensitive designation with active Tier 3 (T3) clearance.
- Strong knowledge of DoD cybersecurity policies, procedures, and governance structures.
Benefits:
- Competitive compensation package.
- Fully remote work flexibility.
- Comprehensive healthcare coverage (medical, dental, and vision).
- Health Savings Account (HSA)-eligible plan options.
- Short-term and long-term disability insurance.
- 401(k) retirement plan with industry-leading employer match and potential profit sharing.
- Employee Stock Ownership Plan (ESOP), offering long-term equity participation subject to eligibility and vesting.
- Paid training and professional development opportunities.
- Opportunity to contribute to high-security federal cybersecurity programs.