ATO Specialist at The Prospective Group (TPG) – Washington, District of Columbia

Active DOD security clearance required.

The Prospective Group (TPG) is highly motivated and experienced ATO Specialist to join our team. This role is responsible for managing the Authority to Operate (ATO) process for key technology platforms, to potentially include Palantir, Microsoft Azure, and Amazon Web Services (AWS). This role is critical to ensuring the security and compliance of systems as new features and capabilities are deployed. The ideal candidate will have a strong understanding of federal information security standards and a proven track record of successfully navigating the ATO process.

Job Duties and Responsibilities

• ATO Process Management: Manage the end-to-end ATO process for new and existing systems on Palantir, Azure, and AWS, ensuring that all activities are completed in a timely and efficient manner. This includes evaluating the impact of new features, patches, and configuration changes on the security posture of the system.
• Security Impact Analysis (SIA): Conduct SIAs to assess the security implications of proposed changes to our information systems.
• Security Documentation: Develop, review, and maintain all necessary security documentation, including System Security Plans (SSPs), to support the ATO process.
• Continuous Monitoring: Implement and manage a continuous monitoring strategy to ensure that our systems remain compliant with security requirements after an ATO has been granted.
• Stakeholder Collaboration: Work closely with system owners, developers, and other stakeholders to ensure that security requirements are integrated into the system development lifecycle.

• Proven experience with the federal ATO process, including a deep understanding of the NIST Risk Management Framework (RMF).
• Demonstrated experience working with large cloud data/analytics platforms (Palantir, Microsoft Azure, or AWS) in a government environment.
• In-depth knowledge of federal information security standards and guidelines, such as FISMA.
• Excellent written and verbal communication skills, with the ability to effectively communicate complex security concepts to both technical and non-technical audiences.

• Certified Information Systems Security Professional (CISSP)

• Cloud Security:
  • Certified Cloud Security Professional (CCSP)
  • Certificate of Cloud Security Knowledge (CCSK)
• Platform-Specific: Microsoft Certified: Cybersecurity Architect Expert (Azure-focused)