Job Details
Job Title: Senior Security Compliance & Authorization Specialist (US Government Focus)
Location: Remote, taking required DHA interaction into account.
About the Role:
We are seeking a highly experienced and dedicated Senior Security Compliance & Authorization Specialist with a proven track record of navigating the complex landscape of US Government security authorizations. This critical role will be instrumental in ensuring our secure solutions meet and maintain stringent compliance requirements, particularly within Defense Health Agency (DHA) environments. The ideal candidate will possess deep expertise in the Authority to Operate (ATO) and Authority to Operate Continuous Monitoring (ATOC) processes, coupled with extensive experience in implementing and validating Security Technical Implementation Guides (STIGs).
Responsibilities:
- Lead and manage all aspects of the ATO and ATOC processes for complex enterprise solutions deployed in US Government (specifically DHA) on-premise virtual machine environments.
- Develop, implement, and maintain comprehensive security documentation, including Plan of Action and Milestones (POA&M) and evidence collection for security-related items.
- Conduct thorough analysis, interpretation, and application of STIGs across various system components, ensuring full compliance and addressing outstanding items.
- Collaborate closely with Information Security Officers, Designated Security Officials (DSO), and DHA security teams, actively participating in weekly meetings and fostering strong working relationships.
- Oversee and guide the remediation of security vulnerabilities identified through penetration testing and other security assessments.
- Drive continuous monitoring efforts to maintain ATOC status, adapting to evolving security requirements and conditional ATOC mandates.
- Provide expert guidance and support for the implementation of new security features, including IPv6, and the adoption of secure communication protocols (e.g., DTLS).
- Coordinate and facilitate security testing within various DHA lab environments, including networking, sandbox, and production.
- Work effectively with geographically dispersed teams to address and resolve security-related issues, particularly regarding STIG compliance.
- Ensure that all security efforts align with target authorization timelines, such as achieving ATOC for upcoming software versions.
- Provide subject matter expertise on US Government security compliance frameworks and processes (e.g., FedRAMP, TX-RAMP, DoD ATO and ATOC).
Qualifications:
- 12-15+ years of progressive experience in information security, with a strong emphasis on US Government security compliance and authorization processes.
- Demonstrated expertise in successfully leading and managing ATO, ATOC, and FedRAMP initiatives from initiation to completion.
- Extensive hands-on experience with STIG implementation, auditing, and remediation across various operating systems, applications, and network devices.
- In-depth understanding of the Defense Health Agency (DHA) environment, security requirements, and operational procedures.
- Proven ability to manage a high volume of security-related items, prioritize tasks, and drive evidence collection.
- Exceptional communication (written and verbal) and interpersonal skills, with the ability to effectively collaborate with senior government officials, technical teams, and diverse stakeholders.
- Strong analytical and problem-solving skills, with a keen eye for detail in identifying and addressing security vulnerabilities.
- Experience with on-premise virtual machine deployments and associated security considerations.
- Ability to work independently and as part of a team in a fast-paced, dynamic environment.
- Relevant industry certifications (e.g., CISSP, CISM, PMP, CompTIA Security+) are highly desirable.