• Work closely with technical teams to implement secure system improvements that meet DoD cybersecurity standards. • Monitor and evaluate project progress, providing actionable reports to leadership and government officials. • Communicate with team, customers, and stakeholders in a clear, concise, timely, and professional manner. • Manage and maintain security authorization packages within the DoD RMF lifecycle • Ensure the confidentiality, integrity, and availability of systems through compliance with NIST 800-53 controls and DoDI 8500 series • Draft and maintain documentation including System Security Plans (SSPs), POA&Ms, and Continuous Monitoring strategies • Support system assessments, vulnerability scanning, and remediation efforts using tools like SonarQube, Checkmarx, Trivy, Dependency Track, eMASS, and Nessus • Support system assessments, vulnerability scanning, and remediation efforts relating to DISA STIGs • Interface with government security officials (e.g., ISSMs, AO representatives) to support audits, inspections, and reviews • Coordinate security engineering input into system designs and control implementation • Track and respond to cybersecurity incidents and ensure timely reporting and recovery efforts • Participate in Agile/DevSecOps development cycles, ensuring security is integrated from concept to deployment • Assist with personnel security awareness, training, and insider threat mitigation • Commute as needed to the nearest secured facility to perform duties in a higher environment.

Job DetailsLevel: SeniorJob Location: REMOTE (United States) - Remote, VA 22211Position Type: Full TimeEducation Level: Not SpecifiedTravel Percentage: Occasionally Job Shift: DayJob Category: Professional ServicesBMA is seeking a Cybersecurity Certification & Accreditation Analyst Lead to support the DLA JETS Defense Agencies Initiative (DIA) Program Management Office (PMO) program. This is a fully remote position and contingent on contract award. Job Summary The Cybersecurity C&A Analyst – Lead serves as the senior technical authority supporting the DLA DAI Cybersecurity Assessment Program. This role provides expert leadership in Risk Management Framework implementation, Command Cyber Readiness Inspection preparation, vulnerability assessment, penetration testing, and security control validation within the DAI Oracle EBS R12.2 enterprise environment. Operating under consultative direction, the C&A Lead applies advanced cybersecurity principles, DISA STIG guidance, SCAP compliance standards, and DoD security regulations to design, assess, and continuously improve the security posture of the DAI system. The position independently analyzes exceptionally complex technical problems and develops innovative, compliant solutions to ensure DAI meets DoD cybersecurity readiness requirements. Primary Duties and Responsibilities include: Support RMF and Authorization Lifecycle Leadership. Serve as technical lead for RMF implementation and sustainment activities across the DAI environment. Develop, review, and maintain RMF artifacts. Provide technical direction on control inheritance, system boundary definitions, and security architecture alignment. Coordinate with Authorizing Officials, ISSMs, ISSOs, and system owners to ensure compliance readiness. Support CCRI Preparation and Vulnerability Assessments. Lead preparation for Command Cyber Readiness Inspections. Perform and oversee vulnerability assessments and analyze findings. Develop mitigation strategies and remediation tracking plans. Conduct penetration testing consistent with CEH, GPEN, or LPT standards. Support STIG Compliance and Security Engineering. Interpret and apply DISA Security Technical Implementation Guides and Security Requirements Guides. Develop product-specific STIG overlays for Oracle EBS R12.2 and associated infrastructure. Assess and validate compliance. Ensure SCAP-based configuration validation is properly implemented. Provide Oracle EBS R12.2 Security Oversight. Lead security evaluation of the Oracle EBS R12.2 platform. Support secure integration with financial, acquisition, and testing workflows. Evaluate security impacts of system enhancements and releases. Conduct Penetration Testing and Advanced Threat Analysis. Conduct or oversee penetration testing activities across application and network layers. Perform advanced threat analysis and recommend mitigation solutions. Analyze phishing exercises, USB detection events, and physical security testing results. Validate remediation of identified vulnerabilities. Support Cybersecurity Tool Selection and Innovation Initiatives. Recommend cybersecurity software tools and define tool selection criteria. Develop requirements for vulnerability assessment, compliance scanning, and monitoring solutions. Contribute to the development of new methodologies and advanced technological approaches to enhance DAI cybersecurity posture. Evaluate emerging cybersecurity technologies and recommend adoption where appropriate. Support Reporting, Risk Analysis, and Executive Briefings. Provide detailed technical reports. Present cybersecurity status to PMO leadership and executive stakeholders. Independently identify systemic security risks and propose strategic corrective actions. Support integration of cybersecurity findings into acquisition milestone reviews and audit documentation. Clearance Requirements There is a Secret Security clearance requirement for this position. Required Skills & Certifications 7+ years of IT experience. 5+ years of cybersecurity experience. 5+ years of Oracle EBS R12.2 platform experience. Possesses one or more current penetration testing certifications such as LPT, CEPT, CEH, or GPEN. Proven experience performing Command Cyber Readiness Inspections, vulnerability assessments, and penetration testing. Served as a DISA Field Security Office certified CCRI Team Lead. Served as a Tenable Certified NESSUS Auditor. Expert knowledge of DoD security regulations, DISA Security Technical Implementation Guides, Security Requirements Guides, SCAP, and the Risk Management Framework. Proficiency with VULNERATOR, the USCYBERCOM CTO Compliance Program, wireless vulnerability assessment tools, and SQL Server and Oracle database security. Strong analytical and problem-solving skills. Excellent written and oral communication skills. Desired Skills & Certifications Experience supporting DoD or DLA program offices. Experience supporting DoD ERP environments. Experience supporting financial system cybersecurity compliance in the context of FFMIA. Experience leading enterprise-level cyber modernization initiatives. Familiarity with DLA-specific cybersecurity governance frameworks. Other Duties Able to travel within a week's notice. This job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice. Overview BMA is an employee-owned small business headquartered in Huntsville, AL that provides superior customer service by empowering all levels of our staff to make timely decisions to produce high-quality results. BMA fosters an environment of passion, precision, and dedication in order to fulfill our commitments to our partners, government, and country. Benefits We believe that our employees well-being is paramount to our success so our benefits package has been crafted with that in mind. We offer multiple healthcare coverage options to include low deductible, high deductible, and plans eligible for our Health Savings Account (HSA) option. Along with medical coverage, employees have dental, vision, accident & illness, short- and long-term disability all available to them. BMA proudly maintains a 401(k) plan with an industry leading 6% match that can include profit sharing based on company performance. Lastly, being an employee-owned company means that BMA offers a 100% Employee Stock Ownership Plan (ESOP), providing eligible employees the opportunity to earn stock in BMA, subject to plan eligibility and vesting requirements. AAP & EEO Statement Beshenich Muir & Associates, LLC (BMA) is an Equal opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regards to race, color, religion, religious creed, gender, sexual orientation, gender identity, gender expression, transgender, pregnancy, marital status, national origin, ancestry, citizenship status, age, disability, protected Veteran Status, genetics or any other characteristics protected by applicable Federal, State, or Local Law. Qualifications

• Support cybersecurity efforts across multiple projects within a portfolio setting and proactively monitor upcoming cyber priorities across the VA Health portfolio. • Communicate and provide consultative support on the VA on matters related to system security certification & accreditation and Authority to Operate (ATO). • Coordinate and lead security and privacy activities within project teams and develop security and privacy related artifacts. • Review and identified system/applications security controls in accordance with NIST SP-800 53 Rev 5 guidance and VA Handbook 6500. • Responsible for on time deliverables of assigned and related security and privacy artifacts. • Must be able to identify and mitigate risks to the program. • Demonstrated experience in a remote work environment. • Ability to proactively communicate and coordinate with various internal and external project stakeholders, depending on needs. • Identifying and communicate symptoms for process improvement. • Ability to work independently with minimal guidance and supervision • Participate in support activities related to the integration of security architecture & engineering efforts in the SDLC IT lifecycle • Support a team of other cyber security professionals • Support Application development/maintenance and IT operations with Agile practices • Build and develop cyber security related artifacts • Resolve requests for assistance in troubleshooting issues • Participate in new and existing IT modernization, expansion, and improvement of security architecture and engineering projects support enterprise operations • Support ATO, and the VA ISSO in support of ATCs, ATOs, REEF, ServiceNow, GRC Tool and other security tracking systems. • Typical tasks for this role include but are not limited to: • Authority-to-Operate (ATO) & Authority to Connect (ATC) remediation efforts • Participate in mandated Security Control Assessments and Hight Value Assets Audits • System scans and audit preparation • Assist with contingency, incident response and disaster plans creation as well as testing of these plans. • ServiceNOW updates, and reporting • SOP Creation and Updating • Ability to effectively manage POAMs from creation to closure • PIA (Privacy Impact Analysis) and PTA (Privacy Threshold Analysis) Documentation • Program and administrative support (ATO notes, reports, org/role documentation, etc.) • Actively engaged with development teams in assisting with ATO process and providing required ATO artifacts • Ad hoc remediation response support • Communications support

• Design and implement security automation systems, reducing manual workloads and accelerating detection and response. • Leverage Open-Source Intelligence (OSINT) techniques for threat hunting, investigations, and exposure analysis. • Collaborate with engineering and security teams to integrate automated solutions into production environments. • Support incident response and remediation efforts by providing research-driven insights and automated tooling. • Continuously evaluate and deploy emerging security tools, frameworks, and AI/automation technologies.