Authorization and Accreditation Lead

Redhorse Corp

Job Summary

Redhorse Corporation is seeking an Authorization and Accreditation Lead to manage the security and compliance of critical Sponsor programs. This role involves leading the entire Risk Management Framework (RMF) lifecycle, developing and maintaining accreditation artifacts like SSPs and SARs, and ensuring continuous compliance with standards such as NIST 800-53 and FISMA. The lead will also oversee security testing, remediation, documentation, and collaborate with engineering teams to integrate security into system design and operations, serving as the primary cybersecurity liaison.

Must Have

  • Lead and execute all activities across the entire RMF lifecycle.
  • Develop, review, and maintain all required accreditation artifacts (SSPs, SARs, Risk Assessments, POA&Ms).
  • Monitor continuous compliance with regulations and standards (NIST 800-53, NIST 800-171, ICD 503, FedRAMP, FISMA).
  • Conduct security testing, vulnerability scanning, and manage remediation of weaknesses.
  • Create and maintain security documentation, continuous monitoring strategies, and incident response plans.
  • Collaborate with system owners, engineers, and developers to integrate security controls.
  • Serve as the primary cybersecurity point of contact for assigned systems.
  • Active TS/SCI with Polygraph security clearance.
  • Bachelor’s degree and 3+ years, or High School Diploma and 8+ years, of combined IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response experience.
  • 6+ years of specialized experience as an Information Systems Security Engineer (ISSE) accrediting Sponsor programs.
  • Demonstrated experience completing new system authorization and accreditation through the Sponsor’s A&A processes and systems (e.g., Greenlight).
  • Experience in security policy development, counterintelligence principles, and the application of security controls.

Good to Have

  • Certified in AWS or an equivalent cloud technology.
  • Hold one or more of Security+, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or an equivalent security certification.

Job Description

About the Organization

Now is a great time to join Redhorse Corporation. We are a solution-driven company delivering data insights and technology solutions to customers with missions critical to U.S. national interests. We’re looking for thoughtful, skilled professionals who thrive as trusted partners building technology-agnostic solutions and want to apply their talents supporting customers with difficult and important mission sets.

About the Role

Redhorse transforms the way government uses data and technology to support its mission. We are seeking a highly experienced and mission-focused Authorization and Accreditation Lead to ensure the rigorous security and compliance of critical Sponsor programs. This role is central to managing the Authorization and Accreditation (A&A) lifecycle, requiring deep expertise in the Risk Management Framework (RMF) and agency-specific security processes. The successful candidate will serve as the primary cybersecurity liaison, developing and maintaining accreditation artifacts, overseeing continuous monitoring, and collaborating closely with engineering teams to integrate security into every phase of system operation.

Key Responsibilities

  • Risk Management Framework (RMF) Execution: Lead and execute all activities across the entire RMF lifecycle: Prepare, Categorize, Select, Implement, Assess, Authorize, and Monitor.
  • A&A Artifact Development: Develop, review, and rigorously maintain all required accreditation artifacts, including System Security Plans (SSPs), Security Assessment Reports (SARs), Risk Assessments, and Plans of Action & Milestones (POA&Ms).
  • Compliance Monitoring: Monitor continuous compliance with established regulations and standards, including NIST 800-53, NIST 800-171, ICD 503, FedRAMP, FISMA, and specific agency policies. Prepare for and actively support audits, inspections, and formal security assessments.
  • Security Testing and Remediation: Conduct essential security activities such as vulnerability scanning, compliance checks, and risk assessments utilizing industry tools (e.g., Nessus or Tenable.sc), and manage the comprehensive tracking and resolution of identified weaknesses.
  • Documentation and Reporting: Create and maintain current security documentation, continuous monitoring strategies, incident response plans, and compliance reports. Deliver clear, concise briefings and status updates to program leadership and the Authorizing Official (AO).
  • Security Integration: Collaborate proactively with system owners, engineers, and developers to ensure security controls are correctly integrated into the system's design, development, and operational lifecycle.
  • System Security Liaison: Serve as the primary cybersecurity point of contact for assigned systems, ensuring clear, consistent, and effective communication with all internal and external stakeholders.

Required Qualifications

  • Security Clearance: Active TS/SCI with Polygraph is required.
  • Education and Experience (Tier 1): Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, Computer Engineering, or Information Systems AND 3+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
  • Education and Experience (Tier 2): OR High School Diploma AND 8+ years of combined professional experience in IT systems administration, cybersecurity compliance, IT system troubleshooting, and incident response.
  • Specialized Experience: 6+ years of experience in a role such as an Information Systems Security Engineer (ISSE), specifically accrediting Sponsor programs.
  • Sponsor A&A Expertise: Demonstrated experience completing new system authorization and accreditation through the Sponsor’s Authorization and Accreditation (A&A) processes, procedures, security requirements, and systems (e.g., Greenlight).
  • Policy Knowledge: Experience in security policy development, counterintelligence principles, and the application of security controls.

Desired Experience

  • Cloud Certification: Certified in AWS or an equivalent cloud technology.
  • Professional Certifications: Hold one or more of the following: Security+, Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), or an equivalent security certification.

Equal Opportunity Employer/Veterans/Disabled

Accommodations:

If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting Talent Acquisition at Talent-Acquisition@redhorsecorp.com.

Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse’s changing needs.

This job description is not a contract and may be adjusted as deemed appropriate in Redhorse’s sole discretion.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
