DoD Authorization to Operate (ATO) Specialists

Peraton is  seeking highly skilled and detail-oriented DoD Authorization to Operate (ATO) Specialist(s) to join our team. The ideal candidate will have extensive experience in the ATO process, accreditation, and cybersecurity compliance within the Department of Defense (DoD) environment. This role will support the development and maintenance of security authorization packages, manage compliance artifacts, and ensure adherence to DoD policies and standards.

The position requires on-site work in Alexandria, VA, or Kearneysville, WV.  Must be able to work in a secure, classified environment and adhere to DoD security protocols.

Key Responsibilities:

• ATO Process Management:
  • Lead and support the end-to-end ATO process for DoD systems, ensuring compliance with RMF (Risk Management Framework) and DoD policies.
  • Prepare, review, and maintain ATO packages, including supporting artifacts such as System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessments.

• Artifact Creation and Maintenance:
  • Develop and maintain supporting documentation, including boundary diagrams, data flow diagrams, and hardware/software inventories.
  • Ensure all artifacts align with DoD standards and meet audit requirements.
  •  
• STIG Compliance and Reporting:
  • Conduct Security Technical Implementation Guide (STIG) assessments using tools like SCAP and STIG Viewer.
  • Generate and review STIG compliance reports, identifying vulnerabilities and recommending remediation actions. 

• POA&M Creation and Management:
  • Develop and manage Plans of Action and Milestones (POA&Ms) to address security control deficiencies.
  • Track and report on POA&M progress, ensuring timely remediation and compliance.

• eMASS Administration:
  • Manage system records and workflows in the Enterprise Mission Assurance Support Service (eMASS).
  • Upload and maintain artifacts, track control compliance, and support authorization workflows in eMASS.

• Accreditation Process and Policy:
  • Ensure systems meet DoD accreditation requirements and maintain continuous monitoring post-ATO.
  • Stay up-to-date on DoD cybersecurity policies, directives, and frameworks (e.g., NIST 800-53, DoDI 8500.01).

• Collaboration and Communication:
  • Work closely with system owners, ISSOs, and other stakeholders to ensure compliance and address security concerns.
  • Provide guidance on security best practices and assist with audit preparation.

Basic Qualifications:

• Bachelor’s degree and minimum 12 years’ experience and Master’s degree with minimum 10 years’ experience and high school diploma/equivalent and 16 years’ experience
• Minimum of 8 or more years of experience in DoD cybersecurity, with a focus on the ATO process and RMF.
• Demonstrated experience in a large multi domain environment creating and managing ATO artifacts, boundary diagrams, and accreditation documentation.
• Hands-on experience with STIG compliance, POA&M management, and eMASS administration.
• Certifications: CompTIA Security+ (mandatory)
• U.S. Citizenship required; must have Active DoD Secret clearance or higher

Preferred Qualifications:

• Experience with DoD cloud environments (e.g., Impact Level 4/5 systems).
• Familiarity with additional compliance tools (e.g., Nessus, ACAS).
• Prior experience working with DoD agencies or contractors.
• Certifications: CISSP, CASP+, CISM, or other advanced cybersecurity certifications
• Proficient in STIG compliance tools (e.g., SCAP, STIG Viewer).
• Strong understanding of RMF, NIST 800-53, and DoD cybersecurity policies.
• Experience with eMASS workflows and administration.
• Ability to create detailed boundary diagrams and data flow documentation
• Strong attention to detail and organizational skills.
• Excellent written and verbal communication skills.
• Ability to work independently and collaboratively in a fast-paced environment.