Principal Software Cybersecurity Engineer – DoD ATO Specialist

The Principal Software Cybersecurity Engineer will focus on projects requiring expertise in the DoD ATO process. This role is responsible for leading the planning, development, and submission of comprehensive ATO packages for our clients’ systems and applications, ensuring full compliance with DoD security mandates, including the Risk Management Framework (RMF). This role requires a deep understanding of DoD cybersecurity policies, technical security controls, and the ability to effectively communicate and collaborate with client engineering teams and stakeholders and government assessors.

· Lead the end-to-end development and submission of DoD ATO packages, ensuring all documentation is accurate, complete, and compliant with relevant DoD instructions

·        Collaborate with our clients’ engineering, development, and operations teams to gather necessary system information, technical diagrams, security configurations, and other artifacts required for ATO submissions

·        Interpret, apply, and tailor NIST SP 800-53 security controls to meet DoD RMF requirements for medical device systems

·        Develop and maintain key RMF artifacts, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), MDERA, Plan of Action and Milestones (POA&Ms)

·        Work with clients’ SMEs to build security control assessments, identify vulnerabilities, and recommend mitigation strategies

·        Acting as proxy for our client, support responding to DHA/DoD requests for additional information

·        Execute in a fast-paced environment with minimal guidance

· Minimum of 7+ years of experience in cybersecurity, with at least 4 years directly involved in DoD ATO processes and RMF implementation

·        Demonstrable expertise in developing and successfully submitting DoD ATO packages for various system types

·        In-depth knowledge of NIST SP 800-53, DoD Instruction 8510.01 (RMF for DoD IT), CNSSI 1253, and other relevant DoD cybersecurity policies and guidelines

·        Strong understanding of security controls, vulnerability management, and risk assessment methodologies

·        Strong familiarity with security assessment tools and techniques (ACAS/Nessus, SCAP Compliance Checker, manual reviews)

·        Demonstrated commitment to high quality

·        Strong oral and written communication skills, with the ability to articulate complex technical information to both technical and non-technical audiences

·        Highly motivated, self-disciplined, independent and results oriented

·        Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field.