Cybersecurity Assessment/Authorization SME
About The Position
FWI is building a team to provide Program Management Office (PMO) Support Services for the Defense Agencies Initiative (DAI), ensuring the cybersecurity posture of a DoD-wide financial management ERP system that serves over 30 Defense Agencies and Field Activities. As a Cybersecurity Assessment and Authorization SME, you will execute all seven steps of the Risk Management Framework, maintain the system's Authority to Operate, and provide expert guidance on security control assessment, vulnerability management, and compliance with federal and DoD cybersecurity policies. FWI has been recognized as a Top Workplace by the Washington Post in 2024 and 2025, offering excellent growth opportunities in a collaborative environment. Position is contingent upon contract award
Requirements
- 5 years of relevant Risk Management Framework (RMF) and NIST A&A experience
- DoD cybersecurity experience
- Experience assessing security controls and conducting authorization reviews for large, complex organizations
- Experienced in the general tenets supporting overall DoD authorization process implementation
- Knowledgeable in cybersecurity of emerging technology areas such as Cloud, Industrial Control Systems, warehouse execution systems, and Operational Technology (OT) infrastructures
- Certified in accordance with DoDD 8140.01/DoDD 8570.01/DoD 8570.01-M for applicable cybersecurity duties
- Must hold an active DoD Top Secret clearance.
Responsibilities
- Perform all 7 steps of the Risk Management Framework (RMF) per DoDI 8510.01, producing required deliverables at each step
- Develop, maintain, and update RMF packages including System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), and Plans of Action & Milestones (POA&M)
- Ensure compliance with federal, DoD, and DLA cybersecurity requirements, policies, and standards
- Provide ISSE and ISSM support including security operations, account management, and DLA CERT IAVA tracking
- Conduct vulnerability assessments using ACAS scanning and report findings
- Support INFOCON and Incident Response planning, execution, and exercises
- Develop and maintain the DAI Program Protection Plan and Acquisition Cybersecurity Strategy
- Support Continuity of Operations (COOP) planning, exercises, and validation testing
- Provide cybersecurity engineering support including integration of emerging security technologies
- Manage audit log review and analysis; provide recommendations for improving audit capabilities
- Support PKI engineering, policy development, and training
- Perform STIG configuration execution and validation
- Support DLA compliance assessment efforts through IACV program
Benefits
- Health Insurance
- Dental Insurance
- Vision Insurance
- Long-term and Short-term Disability Insurance
- Life Insurance
- 401(k) Plan
- Holiday Pay
- Paid Time Off
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
