ITility, LLC · 13 hours ago
Sr. Cyber Security Specialist
ITility, LLC is seeking a highly skilled Senior Cyber Security Specialist with a strong background in continuous Authority to Operate (ATO) processes and Risk Management Framework (RMF) 2.0. The role involves ensuring the security and compliance of enterprise DoD IT environments and maintaining continuous ATOs for a government customer.
Consulting, CRM, Information Technology, Legal
Responsibilities
Lead continuous ATO efforts, ensuring compliance with DoD, NIST, and federal cybersecurity frameworks
Implement risk management frameworks (RMF) 2.0, Continuous Monitoring, and conduct security control assessments
Expertly utilize DoD eMASS to perform cradle-to-grave actions for ATO package creation and submission
Assess cloud-based applications and infrastructure with the Application Security and Development STIG
Assess DISA STIGs and SRGs across a variety of applications and technologies in a cloud environment
Support vulnerability assessments, internal and external security audits
Collaborate with IT, network, and security teams to enhance the organization's cybersecurity posture
Provide incident response support and mitigate security threats effectively
Application and system assessment, determination of accreditation requirements (e.g., Continuous Authorization to Operate (cATO))
Categorization of information systems and/or data types IAW NIST SP 800-60 Vol II
Establishment of Security Requirements Traceability Matrix which identifies applicable DISA STIGs and SRGs
Selection of security controls per NIST SP 800-53 and CNSSI 1253
Writing System Security Plan (SSP), associated security controls assessment artifacts, and plan of actions and milestones (POA&Ms)
Management of security controls assessment artifacts in eMASS in preparation of packages for RMF (DoDI 8510.01, NIST SP 800-37) processes
Evaluation of security controls per NIST SP 800-53A
Implementation of continuous monitoring solutions per NIST SP 800-137
Qualification
Required
15 years of experience in RMF/ATOs, and 5 years of experience as a CCRI or SCA-V assessor to supplement
Experience developing guidelines/plans, analyses, reviews, and mitigations in the areas of security incident response and mitigation strategies, vulnerability scanning, writing security assessments, and other cyber security-related activities and mandates
High-level experience with DoD IT security requirements
CISSP (Certified Information Systems Security Professional) certification (or CISM, CISSP, CISSO, or GCSA) is required
Extensive experience in continuous ATO processes, including RMF, NIST 800-53, and DoD cybersecurity policies
Strong background in assessing custom cloud-based applications, utilizing the Application Security and Development STIG
Strong background in DevSecOps, application security, cloud security, and/or network security
Proficiency in vulnerability management with ACAS/Tenable.SC or similar vulnerability scanning platform
Excellent communication skills with the ability to brief senior leadership and stakeholders
Experience personally drafting RMF products
Preferred
AWS Security Specialty certification (Highly Desired)
RMF Certification or equivalent and detailed knowledge of NIST SP 800-53 (Highly desired)
Company
ITility, LLC
ITility is a defense & space company that offers program management services.
Funding
Current Stage
Growth Stage