(640) Cybersecurity Management Specialist IV

Company Summary

Arlo Solutions (Arlo) is an information technology consulting services company that specializes in delivering technology solutions. Our reputation reflects the high quality of the talented Arlo Solutions team and the consultants working in partnership with our customers. Our mission is to understand and meet the needs of both our customers and consultants by delivering quality, value-added solutions. Our solutions are designed and managed to not only reduce costs, but to improve business processes, accelerate response time, improve services to end-users, and give our customers a competitive edge, now and into the future. 

Position Overview

The Cybersecurity Management Specialist Level IV will support the U.S. Army Test and Evaluation Command (ATEC) as a contractor through Arlo Solutions, serving as a subject matter expert for Risk Management Framework (RMF) processes and Enterprise Mission Assurance Support Service (eMASS) functionality. This position will execute all tasks required to obtain and maintain Authorizations to Operate (ATOs) for at least three ATEC HQ system authorizations, coordinating cybersecurity processes and activities for assigned systems. The specialist will serve as the primary expert in developing and interpreting cybersecurity plans, policies, and procedures while providing incident response, security assessments, and risk management activities.

Work Location:  Aberdeen Proving Ground, MD

Clearance:  Ability to obtain/maintain Secret clearance.

Job Responsibilities and/or Success Factors

Cybersecurity RMF and ATO Management

• Serve as the primary subject matter expert in the execution, validation, and maintenance of the Army/NETCOM defined Risk Management Framework (RMF) process for assigned systems.
• Create, review, and maintain cybersecurity documentation including policies, procedures, diagrams, hardware/software inventories, security plans, and risk assessments required for ATO packages.
• Register and maintain systems in the Enterprise Mission Assurance Support Service (eMASS) and related Army Portfolio Management Solution (APMS) records.
• Oversee the identification and monitoring of data to assign Confidentiality, Integrity, and Availability (CIA) levels for all in-scope systems.
• Guide the establishment and documentation of proper control inheritance, select controls, and create System Security Plans (SSPs).
• Populate, review, and submit technical artifacts, including scan results at the Control Correlation Identifier (CCI) level, ensuring compliance with quarterly and annual requirements.
• Conduct periodic security audits and assessments, evaluate the effectiveness of implemented security controls, and identify/track areas for improvement.
• Prepare and submit complete and accurate ATO package workflows, ensuring on-time submissions to meet Authorization Termination Dates (ATD) and prevent any lapse in system authorization.

Vulnerability and Compliance Management

• Oversee the development, tracking, and maintenance of Plans of Action and Milestones (POA&M) for all identified vulnerabilities.
• Guide system administrators in the application of Security Technical Implementation Guides (STIGs), verifying compliance through Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) scans.
• Provide regular and accurate reporting to Government leadership on security compliance, operational posture, and identified risks or vulnerabilities.

Leadership, Collaboration, and Stakeholder Coordination

• Collaborate with government cyber leads (O-ISSM, P-ISSM) and system administrators to guide and support all RMF-related activities.
• Act as a mentor and source of expert guidance to supporting technical staff, reviewing submitted artifacts, and providing feedback to ensure enterprise requirements are met.
• Support training, compliance, and audit activities as required by contract and Government standards.

Documentation, Reporting, and Quality Assurance

• Maintain accurate and up-to-date security plans, risk assessments, incident reports, and other required security documentation in accordance with all contractual data deliverables.
• Ensure all products and solutions administered are documented and maintained in compliance with Department of Defense (DoD), Army, and local cybersecurity guidelines.

Education and Minimum Qualifications

• Must be a U.S. Citizen.
• Ability to obtain/maintain Secret clearance.
• Education/Experience:
  • No degree or any degree in a non-directly related field with technical certifications and at least 10 years of relevant experience; or Bachelor’s Degree in a directly related field and at least 7 years of relevant experience.

• Experience supporting Army cybersecurity programs, including direct work with Army Test and Evaluation Command (ATEC) or similar organizations.
• Extensive hands-on experience with tools and solutions such as eMASS, ACAS, HBSS/ESS, SCAP, and experience conducting technical scans, compliance validation, and artifact management in large enterprise environments.

• Relevant experience must be in Information Security or Network/System Administration with demonstrated expertise in DoD regulatory compliance and information security management frameworks, including NIST SP 800-37, NIST SP 800-53, DoD RMF, etc.
• Must be a subject matter expert capable of independently developing and interpreting cybersecurity plans and procedures, conducting incident response, risk assessments, and overall RMF activities from start to finish.
• Must possess one of the following professional certifications: CISSP, CCSP, CISM, CISA, GSLC, or CASP.
• Experience with developing policies, guides, and procedures; experience with Federal and FedRAMP Assessment and Authorization (A&A) processes; and proficiency with vulnerability management and continuous monitoring tools is required.

Desired Qualifications

• Demonstrated ability to independently execute and guide all phases of the RMF process for a range of information system types (e.g., connected networks, isolated/standalone, and cloud-based environments)
• Successful record of collaborating with federal stakeholders, authorizing officials, system administrators, and security managers in the development of complex cybersecurity deliverables.
• Experience training, mentoring, or supervising cybersecurity technical staff.
• Strong written and verbal communication skills, including report writing, creating technical guides, policies, and procedures tailored to military or federal customers.
• Additional professional certifications in cybersecurity or risk management (e.g., additional DoD 8140/8570 compliance certifications beyond the minimum requirements) are highly desirable.
• Experience with Army-specific information systems and compliance requirements is a plus.

AAP Statement

We are proud to be an Affirmative Action and Equal Opportunity Employer and as such, we evaluate qualified candidates in full consideration without regard to race, color, religion, sex, sexual orientation, gender identity, marital status, national origin, age, disability status, protected veteran status, and any other protected status.