Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Paid time off
- Vision insurance
Job Summary
We are seeking an experienced Cybersecurity Assessment & Authorization (A&A) Subject Matter Expert (SME) to support Department of Defense (DoD) cybersecurity programs. The A&A SME will lead Risk Management Framework (RMF) activities, support the Authorization to Operate (ATO) lifecycle, and provide expert guidance on cybersecurity compliance for complex enterprise environments, including traditional IT, cloud-hosted systems, operational technology (OT), applications, and outsourced IT services. The position requires expertise in NIST SP 800-53, DoD cybersecurity policies, and enterprise risk management.
Key Responsibilities
- Serve as the cybersecurity SME for Assessment & Authorization (A&A) and RMF activities.
- Lead and support the development, review, and maintenance of RMF authorization packages, including SSPs, SARs, POA&Ms, and ATO documentation.
- Assess security controls in accordance with NIST SP 800-53 and DoD cybersecurity requirements.
- Evaluate vulnerabilities, determine residual risk, and recommend risk mitigation strategies to support authorization decisions.
- Conduct security control assessments and continuous monitoring activities to maintain system authorization.
- Support enterprise cybersecurity compliance for on-premises, cloud, and hybrid environments.
- Advise Information System Owners (ISOs), ISSMs, ISSOs, engineers, and Authorizing Officials throughout the RMF process.
- Prepare executive-level briefings and communicate cybersecurity risks, authorization status, and remediation recommendations to senior leadership.
- Ensure compliance with DoD cybersecurity policies, DISA STIGs, and applicable federal security standards.
Minimum Qualifications
- Experience: Minimum five (5) years of relevant experience in Assessment & Authorization (A&A), Certification & Accreditation (C&A), Risk Management Framework (RMF), and NIST cybersecurity compliance within a DoD environment.
- Demonstrated experience conducting security control assessments and authorization reviews for large, complex organizations.
- Strong knowledge of NIST SP 800-53, DoDI 8510.01, DoD RMF, continuous monitoring, and cybersecurity governance.
- Excellent analytical, technical writing, communication, and briefing skills.
Education
Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field (or equivalent experience, if permitted by contract).
Certifications
Required: DoD 8570/8140 Baseline Certification – IAM Level III (e.g., CISSP, CISM, GSLC, or equivalent approved certification).
Magnus Management Group LLC is an ISO 9001, ISO 27001, ISO 20000, ISO56002 and CMMI Level 3 (SVC) + SSD certified, and agile Highly Adaptive Cybersecurity Services (HACS) qualified Woman Owned Small Business (WOSB) as evaluated by US General Services Administration (GSA) cyber Subject Matter Experts (SMEs). Our experience and investments in quality and certification of our expertise has refined our mission support, information technology, information management, management consulting and cybersecurity solutions by supporting highly complex Information Technology (IT) environments.
Benefits
Magnus Management Group offers a competitive, comprehensive benefits package, which includes:
3 Weeks Paid Time Off
All Federal Holidays
Medical, Dental, and Vision insurance
401K Retirement Plan
Long Term Disability
Tuition Reimbursement and Professional Development Support
3 Weeks Paid Time Off
All Federal Holidays
Medical, Dental, and Vision insurance
401K Retirement Plan
Long Term Disability
Tuition Reimbursement and Professional Development Support
Magnus is an Equal Opportunity Employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, or veteran or disability status.
All current employees and contractors will get a referral bonus for bringing in a future Magnus’er per company policy.
Magnus uses E-Verify to validate all new hires’ ability to legally work in the U.S.
This is a remote position.