Cybersecurity SME

Wintrio LLC
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

Xacta
Agile Methodologies
Amazon Web Services (AWS)
Azure
Cloud Computing Security
Configuration Management
Computer Security
Executive Information Systems
Information Security Management
Fortify (Software)
Zero Trust Network Access
RSA (Cryptosystem)
Security Content Automation Protocol
Security Information and Event Management
SonarQube
Systems Integration
Software Vulnerability Management
Webinspect
Enterprise Software Applications
Cloud Platform System
Software Security
Information Technology
Nessus
CIS Benchmarks
Cloudwatch
Splunk
Devsecops
Qualys
ServiceNow
Static Application Security Testing
Dynamic Application Security Testing

Job description

WINTrio LLC is seeking a Cybersecurity Subject Matter Expert (SME) with deep experience supporting Risk Management Framework (RMF), Authority to Operate (ATO), continuous monitoring, and federal cyber compliance programs. This role supports the full system security lifecycle, including control implementation, assessment readiness, authorization packages, Plan of Action and Milestones (POA&M) management, vulnerability remediation tracking, and audit support.

  • Lead RMF lifecycle activities including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.
  • Develop, review, and maintain ATO artifacts including System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Contingency Plans, Configuration Management Plans, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), and POA&M documentation.
  • Support security control implementation and validation against NIST Special Publication 800-53, FISMA, FedRAMP, agency policy, and system-specific requirements.
  • Coordinate with Information System Security Officers (ISSOs), System Owners, Authorizing Officials, Security Control Assessors, cloud teams, and application teams.
  • Monitor continuous authorization activities, recurring assessments, vulnerability remediation, and security posture reporting.
  • Analyze security findings from tools such as ACAS, Nessus, Tenable, WebInspect, Fortify, Splunk, Xacta, eMASS, CSAM, Archer, ServiceNow, or similar platforms.
  • Manage POA&M development, remediation evidence, milestone tracking, risk acceptance packages, and closure validation.
  • Support audit readiness, control inheritance analysis, cloud security documentation, and FedRAMP package reviews.
  • Provide senior-level guidance on Zero Trust, DevSecOps, cloud security, and security architecture alignment.
  • Prepare executive dashboards, compliance reports, risk briefings, and security status updates for federal stakeholders.

Requirements

  • 10+ years of cybersecurity experience, with strong federal RMF, ATO, or continuous monitoring experience.
  • Hands-on experience with NIST RMF, NIST 800-53, FISMA, POA&M management, and security authorization processes.
  • Experience developing or reviewing ATO documentation and security control evidence.
  • Experience working with federal security stakeholders including ISSOs, System Owners, Security Control Assessors, and Authorizing Officials.
  • Strong understanding of vulnerability management, audit readiness, continuous monitoring, and risk-based remediation.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field.

  • Frameworks: NIST RMF, NIST 800-37, NIST 800-53, NIST 800-30, NIST 800-137, FISMA, FedRAMP, Zero Trust Architecture
  • GRC / ATO Tools: eMASS, Xacta, CSAM, RSA Archer, ServiceNow GRC, RegScale
  • Vulnerability Tools: ACAS, Nessus, Tenable.io, Tenable.sc, Qualys, Rapid7
  • Application Security: Fortify, WebInspect, SonarQube, SAST, DAST, SCA tools
  • SIEM / Monitoring: Splunk, ELK, Azure Monitor, AWS CloudWatch, Sentinel
  • Cloud Security: AWS GovCloud, Azure Government, FedRAMP baselines, cloud control inheritance
  • Documentation: SSP, SAR, RAR, POA&M, PTA, PIA, BIA, Contingency Plans, Incident Response Plans
  • Standards: STIG, SCAP, CIS Benchmarks, DISA guidance, agency-specific cyber policy

Preferred Certifications, Not Required

  • CISSP
  • CISM
  • CAP / Certified Authorization Professional
  • Security+
  • CASP+
  • CCSP
  • Certified Ethical Hacker (CEH)
  • AWS Security Specialty or Azure Security Engineer Associate
  • GIAC certifications such as GSEC, GSLC, or GCIH

  • Experience supporting DHS, USDA, DoD, IRS, CBP, or other federal civilian agencies.
  • Experience with ongoing authorization or continuous authorization environments.
  • Experience supporting classified, sensitive, high-value asset, or mission-critical systems.
  • Experience integrating cyber compliance with Agile, DevSecOps, and cloud delivery workflows.

Benefits & conditions

  • Medical, Dental, and Vision Insurance
  • FSA and HSA options
  • 401(k) Retirement Plan
  • Paid Time Off and Vacation
  • Employee Assistance Program
  • Life and Disability Insurance