Information Assurance and Security, Lead Associate

Peraton is seeking Information Assurance Support for the Department of Defense (DoD) DMDC Enterprise Law Enforcement Support Services (ELEs2)program. This individual will provide comprehensive support to ensure the program's compliance with the Risk Management Framework (RMF) and facilitate the successful acquisition and sustainment of Authorization to Operate (ATO) status. Assist Information System Security Officers (ISSOs), engineers, and program managers by managing RMF documentation, tracking security controls implementation, and supporting assessments and authorizations in accordance with DoDI 8510.01 and NIST SP 800-37. Responsibilities include drafting and maintaining key RMF artifacts such as the System Security Plan (SSP), Security Assessment Report (SAR), and Plan of Action and Milestones (POA&M). Conduct vulnerability scans, analyze results, and coordinate with technical teams to remediate findings in alignment with Security Technical Implementation Guides (STIGs). Support system categorization, security control selection, and continuous monitoring activities using enterprise tools such as eMASS, ACAS, and HBSS, ensuring key program systems maintain security posture and accreditation requirements. Contribute to the preparation and coordination of ATO packages, ensuring accurate and timely submission for Authorizing Official (AO) review. By supporting audits, assessments, and documentation efforts, help to ensure key systems remain compliant, resilient, and capable of supporting physical access control and identity verification at Department of Defense (DoD) facilities.

What You'll Do:

Support the Defense Biometric Identification System (DBIDS) program by providing end-to-end assistance with the Risk Management Framework (RMF) process and maintaining Authorization to Operate (ATO) compliance.
• Assist ISSOs and security teams in preparing and maintaining RMF documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Track and support implementation of NIST SP 800-53 controls and DoDI 8510.01 guidance tailored to the operational environment.
• Conduct and review vulnerability scans using ACAS and coordinates with system administrators to apply STIGs and remediate findings.
• Maintain and update ATO packages in eMASS, ensuring accurate artifact submission and traceability of security control implementations.
• Support system categorization, control selection, and continuous monitoring processes throughout the system lifecycle.
• Coordinate with cybersecurity, infrastructure, and application teams to collect evidence and validate control effectiveness.
• Assist with audit preparation, compliance reviews, and responses to findings to ensure systems remains within its authorized security boundary.
• Monitor security posture through dashboards, compliance checklists, and scheduled assessments to ensure timely POA&M closure.
• Help ensure key systems align with DoD cybersecurity policy while supporting critical physical access control and identity verification capabilities across DoD facilities.
• Review and approve security control implementations for containerized and serverless cloud solutions within DMDC's approved environments.
• Support the definition and enforcement of secure access configurations, privileged access management, and system boundary definitions.
• Participate in system design reviews and risk assessments to ensure compliance with DoD cybersecurity requirements from development through production deployment.
• Provide guidance and oversight for audit readiness, incident response plans, and continuous monitoring strategies aligned with DMDC security policy.

• 5 years with BS/BA; 3 years with MS/MA; 0 years with PhD, 9 years in lieu of degree
• Able to obtain Interim TS clearance
• Must be a U.S Citizen
• IAT III Certification ( must have one of the following CISSP, CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, CCSP
• Experience with Risk Management Framework (RMF)
• Experience with vulnerability scans using ACAS, eMASS

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can't be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we're keeping people around the world safe and secure.