Job Description
Company: Karthik Consulting, LLC
Location: Washington, US
For more than a decade, Karthik Consulting has been a reliable and trusted advisor to our Government customers, providing independent and unbiased recommendations and solutions to mitigate risk and help solve IT issues. We bring the innovation, passion, and agility of the commercial sector to meet the unique challenges of this competitive space.
Karthik Consulting is seeking a Senior ATO Subject Matter Expert Cybersecurity Analyst III with the below skillset.
Senior ATO Subject Matter Expert Cybersecurity Analyst III, full-time with Karthik Consulting
Location: Washington, DC
Clearance: Public Trust
Program Description: The IT CSSS program provides information security support to the Federal Bureau of Prisons Information Technology & Data Division and other DOJ components as required. The program supports BOP obligations to protect federal information systems under FISMA, OMB Circular A-130, the Privacy Act, NIST RMF guidance, DOJ policy, and related cybersecurity requirements.
Program Scope: The program covers ATO maintenance and rapid ATO activities, RMF lifecycle support, JCAM-based authorization management, FISMA/FISCAM audit support, security architecture and engineering support, vulnerability and risk management, privacy documentation, FedRAMP assessment support, continuous monitoring, and coordination with BOP system owners, CORs, AOs, and technical stakeholders.
Key Responsibilities:
ATO and Authorization Lifecycle Leadership
• Lead security A&A and ATO activities for information systems across live networks, desktop systems, servers, enterprise databases, and classified or sensitive environments as assigned.
• Develop, maintain, and assess authorization packages that support successful certification and accreditation, security authorization, reauthorization, and ongoing authorization decisions.
• Apply NIST SP 800-37 RMF processes and DOJ/BOP authorization procedures to support prepare, categorize, select, implement, assess, authorize, and monitor activities.
• Use JCAM or similar authorization management systems to document system information, control baselines, authorization evidence, risk decisions, and approval status.
System Security Assessment and Documentation
• Perform system security assessments and prepare assessment-ready documentation for security controls, implementation status, technical evidence, and identified weaknesses.
• Prepare, review, and update SSPP/SSP, SAR, POA&M, residual risk, risk analysis, threat matrix, authorization memo, and executive briefing artifacts.
• Assess system boundaries, information types, categorization decisions, control implementation details, and supporting evidence for accuracy and completeness.
• Coordinate updates to incident response, contingency planning, configuration management, privacy, MOU/ISA, and other RMF-related documentation as required.
Security Policy, Compliance, and Risk Advisory
• Assess and enhance IT security policies and procedures in response to federal, DOJ, BOP, and international regulatory requirements as applicable.
• Apply strong working knowledge of NIST Special Publications, NIST SP 800-53 security control selection, and federal cybersecurity requirements to improve authorization readiness.
• Analyze security findings, vulnerabilities, policy gaps, and control deficiencies to determine risk impact and recommend corrective actions or risk response options.
• Support risk-based decision-making by translating security assessment results into clear recommendations for system owners, AOs, CORs, and program leadership.
Security Upgrades and Technical Coordination
• Coordinate with system owners, operations and maintenance teams, engineers, and assessors to support security upgrades and remediation activities for operational systems.
• Review proposed system and environment changes to determine potential security or privacy impact and required updates to authorization artifacts.
• Support vulnerability remediation, control implementation validation, and technical evidence collection across on-premises, cloud, hybrid, and air-gapped environments.
• Ensure security documentation reflects the as-implemented state of systems and remains current as technologies, configurations, and mission requirements evolve.
Reporting, Stakeholder Engagement, and Quality Control
• Prepare written communications, status updates, briefings, risk summaries, and authorization decision support materials for government and contractor leadership.
• Support monthly reporting by documenting deliverables, risks, issues, corrective actions, authorization milestones, and system security posture.
• Coordinate with BOP system owners, CORs, AOs, privacy stakeholders, assessors, and technical teams to resolve documentation gaps and authorization risks.
• Maintain high-quality, audit-read
Source: BeBee