About the Role:
The candidate will serve as an Information Assurance Specialist supporting Risk Management Framework (RMF) execution, compliance documentation, and continuous monitoring activities for a federal cybersecurity modernization program. They will identify network, system, application, and emerging technology security risks across a multi-cloud General Support System (GSS) spanning AWS GovCloud, Azure Government Community Cloud (GCC), Google Cloud Platform (GCP), and centralized cloud administration.
The ideal candidate will bring strong working knowledge of the NIST RMF, DoDI 8510.01, NIST SP 800-53, and DISA STIGs, with hands-on experience producing high-quality, technically accurate IA artifacts. They will support the operation of automated, version-controlled compliance checks and contribute to the artifacts that sustain the agency's authorization and continuous monitoring posture.
They will work in close coordination with the program's automation engineers and analysts to ensure that compliance is implemented as code — with controls captured in machine-readable form, version-controlled, and continuously evaluated against AWS Security Hub, Microsoft Defender for Cloud, GCP Security Command Center, and other DoD-approved services.
Role Responsibilities:
• Identify network, system, application, and new-technology security risks, threats, and vulnerabilities across the multi-cloud General Support System (GSS) and supported environments.
• Support the development, testing, and operation of cybersecurity tooling — including firewalls, intrusion detection systems, enterprise anti-virus, and software deployment platforms — in alignment with agency standards.
• Develop, maintain, and update RMF artifacts (System Security Plans, Security Assessment Plans, POA&Ms) and ATO documentation supporting agency systems.
• Implement and validate DISA STIGs, NIST SP 800-53 controls, and other DoD-mandated configuration baselines across cloud and legacy assets.
• Support the execution of automated, version-controlled compliance checks; investigate deviations and document remediation in accordance with continuous monitoring requirements.
• Apply current Information Assurance policy, tactics, techniques, and doctrine to agency reporting requirements; assist in the planning and implementation of IA requirements.
• Establish and satisfy complex system-wide information security requirements derived from user, policy, regulatory, and resource demands.
• Contribute to deliverables and performance metrics in support of continuous monitoring and quarterly governance reviews.
• Support workforce cross-training initiatives, contributing to the agency's goal of cross-training at least 90% of the GRC team within 12 months.
Required Education & Qualifications:
• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or equivalent.
• Five (5) years of general Information Assurance or cybersecurity experience.
• Demonstrated experience supporting RMF authorization activities, NIST SP 800-53 control implementation, and DISA STIG validation.
• Working knowledge of DoDI 8510.01 and the NIST RMF steps.
• Experience identifying security risks, threats, and vulnerabilities and developing, testing, or operating security tooling such as firewalls, IDS, and enterprise anti-virus.
• Experience producing technically sound IA artifacts and ATO documentation.
Desired Skills:
• DoD 8570 / 8140 IAT Level II or IAM Level II baseline certification (Security+ CE, CCNA Security, CySA+, or equivalent).
• Familiarity with DoD-approved cloud environments including AWS GovCloud, Azure Government, and Google Cloud Platform.
• Experience with continuous monitoring tooling such as AWS Security Hub, Microsoft Defender for Cloud, or GCP Security Command Center.
• Familiarity with Open Security Controls Assessment Language (OSCAL) for machine-readable representation of control catalogs and assessment results.
• Hands-on experience with Python, JSON, or AWS boto3 in support of automated compliance workflows.
• Experience supporting Policy-as-Code (PaC) implementations and automated evidence generation.
Clearance and Location Requirements:
• Active U.S. Security Clearance is required.
• This hybrid role requires onsite work at a Department of Defense (DoD) facility.