RMF Analyst

Job description

True Zero Technologies, a veteran-owned small business, was founded on the principle that the purposeful enablement of people and technology in an organization directly ties to the quality of its outcomes. True Zero recognizes that those outcomes begin and end with our people, and that is why we have built a community of like-minded, driven, and passionate individuals and innovators who are aligned in a common goal of delivering top-tier services to our customers. Our culture and commitment have been recognized through numerous accolades, including being named one of the Best Places to Work in 2023 in two categories (“Prosperous and Thriving” ($5MM–$50MM in gross revenue) and “Mid-Atlantic Region” (DC, DE, MD, NC, VA, WV)), and again in 2025 as a Best Places to Work honoree. In addition, True Zero earned coveted spots on the Inc. 5000 list of fastest-growing companies in America in 2022, 2023, and 2025, a testament to our sustained growth driven by our people-first approach and unwavering dedication to excellence.

Position Responsibilities

  • Assessment and Authorization (A&A): Guide systems through the 6-step RMF process (NIST SP 800-37) to obtain/maintain an ATO.
  • Security Control Assessment: Evaluate technical controls using tools like ACAS or SCAP and analyze STIG (Security Technical Implementation Guides) checklists.
  • Documentation: Create and maintain SSPs (System Security Plans), POA&Ms, and security assessment reports.
  • Risk Management: Identify, analyze, and mitigate security risks in coordination with system owners and stakeholders.
  • Compliance Monitoring: Conduct continuous monitoring to ensure ongoing compliance with Federal or DoD cybersecurity policies.
  • System Categorization: Define the system’s boundary and assess the potential impact of a security breach on the organization’s mission.
  • Security Control Selection: Identify and tailor the specific security controls.
  • Implementation & Assessment: Verify that security controls are properly implemented through audits, technical testing, and vulnerability scans.

Position Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, or Information Systems is preferred.
  • Certifications are highly encouraged, such as:
      • CompTIA Security+
      • Certified Information Systems Security Professional (CISSP)
      • Certified in Governance, Risk, and Compliance (CGRC)
  • Proficiency with RMF management tools like eMASS, XACTA, or STIG Viewer, and vulnerability scanners like ACAS or Nessus, is highly preferred.
  • Holding and maintaining a clearance may be required.

Role Summary

  • Looking for a specialized professional responsible for ensuring information systems comply with federal and organizational security standards. Their primary goal is to help our organizations achieve and maintain an Authority to Operate (ATO) for technical systems.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
