Cybersecurity Certification & Accreditation Analyst Lead

Full Time, Remote, Team 51-200

Location

United States

Posted

7 days ago

Salary

Not specified

Job Description

Job Details

Level: Senior
Job Location: REMOTE (United States) - Remote, VA 22211
Position Type: Full Time
Education Level: Not Specified
Travel Percentage: Occasionally
Job Shift: Day
Job Category: Professional Services

BMA is seeking a Cybersecurity Certification & Accreditation Analyst Lead to support the DLA JETS Defense Agencies Initiative (DAI) Program Management Office (PMO) program. This is a fully remote position and contingent on contract award.

Job Summary

The Cybersecurity C&A Analyst – Lead serves as the senior technical authority supporting the DLA DAI Cybersecurity Assessment Program. This role provides expert leadership in Risk Management Framework implementation, Command Cyber Readiness Inspection preparation, vulnerability assessment, penetration testing, and security control validation within the DAI Oracle EBS R12.2 enterprise environment. Operating under consultative direction, the C&A Lead applies advanced cybersecurity principles, DISA STIG guidance, SCAP compliance standards, and DoD security regulations to design, assess, and continuously improve the security posture of the DAI system. The position independently analyzes exceptionally complex technical problems and develops innovative, compliant solutions to ensure DAI meets DoD cybersecurity readiness requirements.

Primary Duties and Responsibilities include:

Support RMF and Authorization Lifecycle Leadership. Serve as technical lead for RMF implementation and sustainment activities across the DAI environment. Develop, review, and maintain RMF artifacts. Provide technical direction on control inheritance, system boundary definitions, and security architecture alignment. Coordinate with Authorizing Officials, ISSMs, ISSOs, and system owners to ensure compliance readiness.

Support CCRI Preparation and Vulnerability Assessments. Lead preparation for Command Cyber Readiness Inspections. Perform and oversee vulnerability assessments and analyze findings.
Develop mitigation strategies and remediation tracking plans. Conduct penetration testing consistent with CEH, GPEN, or LPT standards.

Support STIG Compliance and Security Engineering. Interpret and apply DISA Security Technical Implementation Guides and Security Requirements Guides. Develop product-specific STIG overlays for Oracle EBS R12.2 and associated infrastructure. Assess and validate compliance. Ensure SCAP-based configuration validation is properly implemented.

Provide Oracle EBS R12.2 Security Oversight. Lead security evaluation of the Oracle EBS R12.2 platform. Support secure integration with financial, acquisition, and testing workflows. Evaluate security impacts of system enhancements and releases.

Conduct Penetration Testing and Advanced Threat Analysis. Conduct or oversee penetration testing activities across application and network layers. Perform advanced threat analysis and recommend mitigation solutions. Analyze phishing exercises, USB detection events, and physical security testing results. Validate remediation of identified vulnerabilities.

Support Cybersecurity Tool Selection and Innovation Initiatives. Recommend cybersecurity software tools and define tool selection criteria. Develop requirements for vulnerability assessment, compliance scanning, and monitoring solutions. Contribute to the development of new methodologies and advanced technological approaches to enhance DAI cybersecurity posture. Evaluate emerging cybersecurity technologies and recommend adoption where appropriate.

Support Reporting, Risk Analysis, and Executive Briefings. Provide detailed technical reports. Present cybersecurity status to PMO leadership and executive stakeholders. Independently identify systemic security risks and propose strategic corrective actions. Support integration of cybersecurity findings into acquisition milestone reviews and audit documentation.

Clearance Requirements

There is a Secret Security clearance requirement for this position.

Required Skills & Certifications

7+ years of IT experience. 5+ years of cybersecurity experience. 5+ years of Oracle EBS R12.2 platform experience. Possesses one or more current penetration testing certifications such as LPT, CEPT, CEH, or GPEN. Proven experience performing Command Cyber Readiness Inspections, vulnerability assessments, and penetration testing. Served as a DISA Field Security Office certified CCRI Team Lead. Served as a Tenable Certified NESSUS Auditor. Expert knowledge of DoD security regulations, DISA Security Technical Implementation Guides, Security Requirements Guides, SCAP, and the Risk Management Framework. Proficiency with VULNERATOR, the USCYBERCOM CTO Compliance Program, wireless vulnerability assessment tools, and SQL Server and Oracle database security. Strong analytical and problem-solving skills. Excellent written and oral communication skills.

Desired Skills & Certifications

Experience supporting DoD or DLA program offices. Experience supporting DoD ERP environments. Experience supporting financial system cybersecurity compliance in the context of FFMIA. Experience leading enterprise-level cyber modernization initiatives. Familiarity with DLA-specific cybersecurity governance frameworks.

Other Duties

Able to travel within a week's notice. This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Overview

BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country.

Benefits

We believe that our employees' well-being is paramount to our success, so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them. BMA proudly maintains a 401(k) plan with an industry-leading 6% match that can include profit sharing based on company performance. Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements.

AAP & EEO Statement

Beshenich Muir & Associates, LLC (BMA) is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable Federal, State, or Local Law.