Cybersecurity Assessment & Authorization Subject Matter Expert (A&A SME)

Full Time
Remote
Team 51-200

Location

United States

Posted

19 hours ago

Salary

Not specified


Job Description

Job Details
Level: Senior
Job Location: REMOTE (United States) - Remote, VA 22211
Position Type: Full Time
Education Level: Bachelor's Degree
Travel Percentage: Occasionally
Job Shift: Day
Job Category: Professional Services

BMA is seeking a Cybersecurity Assessment & Authorization Subject Matter Expert (A&A SME) to support the DLA JETS Defense Agencies Initiative (DAI) Program Management Office (PMO) program. This is a fully remote position and contingent on contract award.

Job Summary

BMA is seeking a Cybersecurity Assessment & Authorization Subject Matter Expert (A&A SME) to support our DLA Defense Agencies Initiative (DAI) Program Management Office (PMO) contract. The Cybersecurity Assessment & Authorization Subject Matter Expert (SME) provides senior-level cybersecurity governance and execution support for the DAI Program Management Office (PMO) in accordance with DoDI 8510.01 (RMF), DoDI 8500.01, CNSSI 1253, and NIST SP 800-53 control implementation/assessment practices. This role leads and/or directly supports Assessment & Authorization (A&A) activities across DAI environments (on-prem DISA-hosted and Oracle Cloud Infrastructure), ensuring continuous authorization readiness, validated security control effectiveness, compliant documentation in eMASS, actionable POA&Ms, and executive-ready briefings on cybersecurity posture, risk, and authorization impacts.

Key Responsibilities

RMF Execution & A&A Leadership:
- Serve as the RMF/A&A lead SME for DAI releases and system changes; advise the PMO, ISSM/ISSE, and technical teams on authorization strategy, scope, and security control applicability.
- Execute and manage RMF, ensuring complete, accurate, and AO-ready artifacts (SSP/CONOPS, SAP, SAR, RAR, POA&M, AORA packages).
- Perform/lead security control assessments and authorization reviews, including testing evidence validation, control inheritance/common control analysis, and risk determinations for complex enterprise enclaves and interfaced systems.

Control Assessment, Vulnerability Analysis, and Risk Decisions:
- Analyze scan results and compliance evidence from ACAS (Nessus), STIG validation activities, and IAVM/IAVA directives; determine severity, impact, and authorization ramifications of noncompliance.
- Develop and manage POA&Ms with clear milestones, mitigations, owners, and validation criteria; track remediation progress and provide status to PMO leadership and the AO chain.
- Support continuous monitoring execution, including control re-assessment planning, periodic evidence refresh, and change impact analysis for software lifecycle changes.

Cybersecurity Policy, Compliance, and Oversight Support:
- Provide cybersecurity policy support to the DAI PMO: analyze new or pending DoD/DLA policy changes; draft program-level cybersecurity procedures, standards, and implementation guidance.
- Support external and internal oversight activities (e.g., FISMA/FISCAM/FFMIA-related control evidence support, audit support requests, and compliance inquiries) with defensible, well-organized evidentiary packages.
- Coordinate cybersecurity working groups/technical exchanges; produce minutes, decision logs, and action-item tracking to closure.

Cybersecurity Testing & Program Protection Integration:
- Assist with cybersecurity T&E methods and documentation to ensure the TEMP includes an OT&E cybersecurity strategy and that cybersecurity assessments align with DT&E/OT&E events.
- Support COOP validation planning and reporting as required by the PWS, including test plan development, execution support, and results reporting.

Emerging Technology, Cloud, and OT/ICS Cybersecurity:
- Advise on cybersecurity approaches for cloud and modernized environments (e.g., OCI), and for emerging technology areas including Industrial Control Systems (ICS), Operational Technology (OT), and warehouse execution systems where applicable, ensuring appropriate control tailoring, overlays, and risk posture management.

Stakeholder Engagement & Executive Communications:
- Brief senior management on authorization progress, risks, constraints, and recommended decisions (risk acceptance, remediation prioritization, schedule impacts).
- Translate complex technical findings into executive-ready products (dashboards, risk summaries, status reports) and ensure traceability from findings → risk → remediation → closure.

Clearance Requirements

There is a Secret security clearance requirement for this position.

Required Skills & Certifications
- One or more of the following DoD-approved CSSP Analyst certifications: EC-Council Certified Ethical Hacker, EC-Council CSA – Certified SOC Analyst, CompTIA CySA+, GIAC GCIA – GIAC Certified Intrusion Analyst, or GIAC GCIH – GIAC Certified Incident Handler.
- Five or more years of relevant RMF and NIST A&A experience, including hands-on development and assessment of RMF artifacts for large, complex organizations with multiple enclaves, applications, and interfaced or outsourced services.
- Demonstrated experience executing DoD cybersecurity processes and working within DoD or DLA cybersecurity policy environments.
- Proven ability assessing security controls, validating evidence, conducting authorization reviews, and advising on risk decisions affecting system authorization status.
- Working knowledge of cybersecurity considerations for cloud and ICS or OT-adjacent environments, including warehouse execution or OT infrastructures where relevant.
- Experience with eMASS package development and maintenance and Authorizing Official submission workflows.
- Experience with ACAS or Nessus, STIG compliance cycles, vulnerability management, and POA&M governance.
- Familiarity with DISA-hosted environments and cloud transition impacts on RMF boundaries, control inheritance, and continuous monitoring strategies.
- Strong technical writing skills producing RMF artifacts, policy and procedure documents, and audit-ready evidence packages.
- Strong facilitation skills for IPT and working group sessions and cross-functional coordination.

Desired Skills & Certifications
- TS with SCI eligibility.
- Experience supporting DoD or DLA program offices.
- Experience supporting DoD or DLA environments.
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Engineering, Business Administration, or a related field.
- Current Project Management Professional (PMP) certification or equivalent recognized project management certification.
- Current Risk Management Professional certification such as PMP-RMP, CRISC, CISA, CISM, CGRC, or RIMS-CRMP.

Other Duties

Able to travel within a week's notice. This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Overview

BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country.

Benefits

We believe that our employees' well-being is paramount to our success, so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options, including low-deductible and high-deductible plans and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, and short- and long-term disability coverage available to them. BMA proudly maintains a 401(k) plan with an industry-leading 6% match that can include profit sharing based on company performance.

Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.

AAP & EEO Statement

Beshenich Muir & Associates, LLC (BMA) is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender status, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran status, genetics, or any other characteristic protected by applicable Federal, State, or Local law.
