Authorization and Accreditation Lead

About the Organization

Now is a great time to join Redhorse Corporation. We are a solution-driven company delivering data insights and technology solutions to customers with missions critical to U.S. national interests. We're looking for thoughtful, skilled professionals who thrive as trusted partners building technology-agnostic solutions and want to apply their talents supporting customers with difficult and important mission sets.

About the Role

Redhorse transforms the way government uses data and technology to support its mission. We are seeking a highly experienced and mission-focused Authorization and Accreditation Lead to ensure the rigorous security and compliance of critical Sponsor programs. This role is central to managing the Authorization and Accreditation (A&A) lifecycle, requiring deep expertise in the Risk Management Framework (RMF) and agency-specific security processes. The successful candidate will serve as the primary cybersecurity liaison, developing and maintaining accreditation artifacts, overseeing continuous monitoring, and collaborating closely with engineering teams to integrate security into every phase of system operation.

Key Responsibilities

• Risk Management Framework (RMF) Execution: Lead and execute all activities across the entire RMF lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor.
• A&A Artifact Development: Develop, review, and rigorously maintain all required accreditation artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and Plans of Action & Milestones (POA&Ms).
• Compliance Monitoring: Monitor continuous compliance with established regulations and standards, including NIST 800-53, NIST 800-171, ICD 503, FedRAMP, FISMA, and specific agency policies. Prepare for and actively support audits, inspections, and formal security assessments.
• Security Testing and Remediation: Conduct essential security activities such as vulnerability scanning, compliance checks, and risk assessments utilizing industry tools (e.g., Nessus or Tenable.sc), and manage the comprehensive tracking and resolution of identified weaknesses.
• Documentation and Reporting: Create and maintain current security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Deliver clear, concise briefings and status updates to program leadership and the Authorizing Official (AO).
• Security Integration: Collaborate proactively with system owners, engineers, and developers to ensure security controls are correctly integrated into the system's design, development, and operational lifecycle.
• System Security Liaison: Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear, consistent, and effective communication with all internal and external stakeholders.

Required Qualifications

• Security Clearance: Active TS/SCI with Polygraph is required.
• Education and Experience (Tier 1): Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Computer Engineering, or Information Systems AND 3+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
• Education and Experience (Tier 2): OR High School Diploma AND 8+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
• Specialized Experience: 6+ years of experience in a role such as an Information Systems Security Engineer (ISSE), specifically accrediting Sponsor programs.
• Sponsor A&A Expertise: Demonstrated experience completing new system authorization and accreditation through the Sponsor's Authorization and Accreditation (A&A) processes, procedures, security requirements, and systems (e.g., Greenlight).
• Policy Knowledge: Experience in security policy development, counterintelligence principles, and the application of security controls.

Desired Experience

• Cloud Certification: Certified in AWS or an equivalent cloud technology.
• Professional Certifications: Hold one or more of the following: Security+, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or an equivalent security certification.

Equal Opportunity Employer/Veterans/Disabled

Accommodations:

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting Talent Acquisition at

Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse's changing needs.

This job description is not a contract and may be adjusted as deemed appropriate in Redhorse's sole discretion.