Logo for K2United

Mid-Level A&A Package Specialist

Role overview

Qualifications

  • Bachelor's degree in a related field, or equivalent experience as allowed by company and contract policy
  • Five or more years of RMF and AA package development experience
  • Hands-on experience authoring SSPs, BIAs, FIPS 199 categorizations, PTA/PIA documentation, and Configuration Management Plans
  • Strong working knowledge of NIST SP 800-37, NIST SP 800-53 Rev. 5, NIST SP 800-18, and FIPS 199

Responsibilities

  • Develop and maintain RMF authorization artifacts, including the System Security Plan (SSP) and Business Impact Analysis (BIA)
  • Create foundational system documentation, including Boundary Scope Memorandums (BSM) and System Architecture diagrams
  • Support system owners with control scoping, tailoring, and identification of applicable overlays
  • Assemble authorization packages for submission to the Security Control Assessor (SCA) and Authorizing Official (AO) and track them through the authorization decision process

About the company

K2United logo

K2United

IT Services & IT Consulting

Company details

IndustryIT Services & IT Consulting

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Type
Contract
Description

  

K2United is an organization that houses two distinct, national, customer-facing brands tied together by a shared purpose: setting the standard for an extraordinary workplace. Through our brands, K2Share and CareerSafe, we provide advisory services in cyber risk management and online education for workforce readiness.

Our four core values define how we show up every day:

  • Respect Others - We lead with respect, building trust and connection.
  • Internally Driven - We are relentlessly compelled to accomplish our objectives.
  • Collaborative Innovation - We create by listening, sharing, and working together.
  • Client Success - We hold our clients' mission as our own.

We believe in people who are accountable, curious, and motivated to make an impact that matters.


Our programs make a meaningful difference. CareerSafe supports more than two million users each year, while K2Share delivers cybersecurity and IT solutions that strengthen federal agencies. As part of our team, you'll help solve complex challenges in a mission-driven, small-business environment that values professional growth, collaboration, and work-life balance.


K2Share is seeking an A&A Package Specialist to support a federal health-sector client. In this role, you will develop and maintain the authorization artifacts needed to move client systems through the Risk Management Framework and achieve and maintain Authority to Operate (ATO). You will build accurate authorization packages, support control scoping and tailoring, and validate system-level evidence that supports compliance with NIST SP 800-53 Rev. 5.


This role supports the development of high-quality authorization documentation while maintaining appropriate independence from formal Security Control Assessment (SCA) and Final Assessment Report (SAR) validation for the same systems.


This position is remote first, with periodic on-site support in the Washington, DC metropolitan area as directed, and is contingent upon contract award.  


About You


You are a detail-oriented governance and compliance professional who understands that effective authorization work requires both precision and discipline. You know how to take complex system information and turn it into clear, accurate, and complete RMF documentation that supports sound risk decisions.


You are comfortable working across technical and operational teams to gather evidence, document system boundaries, and help system owners navigate the authorization process. You understand the importance of keeping package development independent from formal assessment validation, and you bring the judgment needed to support that separation cleanly.


You are at your best in environments where accuracy, structure, and follow-through matter. You take ownership of documentation quality, can explain security concepts clearly, and help move systems through the authorization lifecycle with confidence.


Your Impact


As the A&A Package Specialist, you will play a critical role in helping client systems move through the authorization process. You will develop foundational security documentation, assemble complete authorization packages, and support the evidence needed for informed authorization decisions.


In this role, you will:

  • Develop and maintain RMF authorization artifacts, including the System Security Plan (SSP),  Business Impact Analysis (BIA), FIPS 199 categorization, Privacy Threshold/Impact Assessments (PTA/PIA), Configuration Management Plan (CMP), and e-Authentication documentation.
  • Create foundational system documentation, including Boundary Scope Memorandums (BSM), System Architecture diagrams, and Authorization Boundary and Network Diagrams (ABND).
  • Support system owners with  control scoping, tailoring, and identification of applicable overlays such as the client's AI Overlay.
  • Map system inheritance from Common Control Providers and assist with Interconnection Security Agreements (ISAs) and Memorandums of Understanding (MOUs).
  • Technically validate system-level evidence such as configuration screenshots, log samples, and scan reports for accuracy and compliance with NIST SP 800-53 Rev. 5 before inclusion in the SSP.
  • Guide system owners through  the full RMF lifecycle for new systems and reauthorization efforts.
  • Support system categorization, impact analysis, and security control selection.
  • Apply the NIST AI Risk Management Framework (AI RMF 1.0) and relevant OMB guidance for systems incorporating Artificial Intelligence or Machine Learning capabilities.  
  • Develop system-level Contingency Plans (CPs) and Incident Response Plans (IRPs) and support coordination and documentation of annual CP and IRP testing.  
  • Assemble authorization packages for submission to the Security Control Assessor (SCA) and Authorizing Official (AO) and track them through the authorization decision process.
  • Support the development and tracking of corrective actions and Plans of Action and Milestones  (POA&Ms) identified during package development and assessment.
Requirements

  

  • Bachelor's degree in a related  field, or equivalent experience as allowed by company and contract policy.
  • Five or more years of RMF and  A&A package development experience.
  • Hands-on experience authoring SSPs, BIAs, FIPS 199 categorizations, PTA/PIA documentation, and Configuration Management Plans.
  • Strong working knowledge of NIST SP 800-37, NIST SP 800-53 Rev. 5, NIST SP 800-18, and FIPS 199.
  • Demonstrated experience supporting systems through the ATO process through final AO decision.
  • Strong attention to detail, organizational discipline, and the ability to manage multiple documentation workflows at once.
  • Ability to meet federal background investigation requirements.

Preferred Qualifications

  • Active certification such as CISSP, CGRC/CAP, or CompTIA Security+.
  • Experience with GRC or authorization tools such as eMASS, CSAM, Xacta, or JCAM.
  • Experience supporting FedRAMP or cloud-based RMF efforts in AWS and/or Azure.
  • Prior support to federal civilian agency cybersecurity programs.

Benefits

We're invested in the people who make our success possible. As a K2United employee, you'll enjoy a comprehensive benefits package designed to support your professional and personal well-being, including:

  • 401(k) with employer matching
  • Low-cost medical coverage for employees and their families
  • Paid time off
  • Paid leave for jury duty, military service, voting, and other qualifying events
  • Wellness stipend, including fitness reimbursement
  • Tuition assistance
  • Casual work environment
  • Technical training and certification support
  • Complimentary access to CareerSafe online training courses for employees and their immediate family

Equal Opportunity Employer

K2United is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veteran status, or any other characteristic protected by applicable law.

Salary Description
$80,000 - $105,000

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at K2United

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.