• Ensure compliance with DoD cybersecurity mandates, including NIST 800-53 Rev. 5, FedRAMP, Risk Management Framework (RMF), and DoD IL-4/IL-5 security policies.
• Implement security monitoring solutions, conduct vulnerability assessments, and enforce zero-trust security principles.
• Maintain system security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&M), ensuring continuous compliance and audit readiness.
• Lead and track the progress of Authority to Operate (ATO) processes, ensuring all security controls and risk assessments are documented and submitted for approval.
• Submit the Cybersecurity Compliance & Risk Assessment Report, summarizing vulnerability findings, risk mitigation strategies, and security control implementation status.

• Possess the knowledge and capability to implement and manage security controls, risk assessments, and compliance measures across GovCloud-hosted environments, including Azure and AWS.
• Must be proficient in NIST 800-53 Rev. 5, FedRAMP, DoD RMF, and IL-4/IL-5 security mandates.
• Experience in security information and event management (SIEM), role-based access control (RBAC), vulnerability scanning, and incident response is required.
• Must also have expertise in cloud-native security tools, Zero Trust Architecture (ZTA), and Security Technical Implementation Guides (STIGs).
• Must have extensive experience with the Authority to Operate (ATO) process, including documentation, submission, and ongoing compliance monitoring, and must be able to demonstrate successful completion and maintenance of ATOs for programs or other capabilities within a DoD or federal environment.
• Must have demonstrated experience in implementing and enforcing security controls for cloud infrastructure, ensuring compliance with DoD security frameworks.
• Must have demonstrated experience in managing security configurations, conducting penetration testing, and implementing SIEM solutions (e.g., Microsoft Sentinel, AWS Security Hub).
• Must have demonstrated experience in performing risk assessments, continuous security monitoring, and developing mitigation strategies in cloud and hybrid environments.
• Must have demonstrated experience in administering RBAC and enforcing least-privilege access policies for mission-critical applications.
• Must have demonstrated experience in managing the ATO lifecycle, including the preparation of System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M).
• Must have demonstrated experience in coordinating with DoD cybersecurity officials to achieve and sustain ATOs for cloud-based and on-premises environments.

ABOUT NALLEY CONSULTING

Nalley Consulting is a Service Disabled Veteran Owned Small Business working with prime partners to staff Department of Defense and Intelligence Community positions. Created by a U.S. Navy intelligence veteran, Nalley Consulting has grown to include multiple IDIQ vehicles in several states.

Nalley Consulting fringe benefits include:

• Excellent medical, dental, and vision benefits
• PTO
• 11 paid federal holidays
• Tuition assistance
• Paid military-reserve leave
• Paid parental leave for birth or adoption
• 401k matching up to 5 percent of the base salary
• Flex time
• Company-paid short-term disability, long-term disability, and life insurance.