Cyber RMF Specialist

About The Position

Requirements

• U.S. Citizenship and a minimum active Secret security clearance is required for this position. Certain task orders or work locations may require a Top Secret (TS) or TS/SCI clearance. All personnel must be able to obtain and maintain the required clearance level and must possess a valid DoD Common Access Card (CAC). Personnel may be required to access systems across multiple classification domains, including Unclassified (NIPR), Secret (SIPR), and Top Secret/Collateral networks.
• Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related technical field; OR Associate's degree in a related technical field plus additional qualifying experience; OR Equivalent combination of education, training, and directly relevant DoD IT experience.
• Working knowledge of the DoD Risk Management Framework (RMF) and NIST SP 800-53, NIST SP 800-37, and CNSSI 1253.
• Experience developing or maintaining A&A documentation (SSP, RAR, SAR, POA&M).
• Experience with eMASS or an equivalent A&A workflow tool.
• Working knowledge of DoD STIGs, IAVAs, SCAP, and STIG Viewer.
• Experience analyzing ACAS / Nessus vulnerability scan results.
• Familiarity with Windows Server, Active Directory, and common DoD IT infrastructure.
• Ability to apply DoD STIGs and IAVAs to maintain system compliance.
• Ability to create and maintain technical documentation, SOPs, and compliance artifacts.
• Ability to work shift hours, weekends, or on-call rotations as required by task order.
• Strong oral and written communication skills; ability to brief technical topics to non-technical stakeholders.
• Personnel must meet DoD Directive 8570.01-M / DoD 8140 baseline certification requirements applicable to their assigned Cyber IT/Cybersecurity role. One of the following certifications satisfies the minimum IAT Level II requirement: CompTIA Security+ CE, Cisco CCNA Security, CySA+ (CompTIA Cybersecurity Analyst), GIAC Security Essentials (GSEC), Systems Security Certified Practitioner (SSCP).
• Additional computing environment (CE) certifications may be required depending on the specific technologies managed (e.g., Microsoft, VMware, Red Hat, Cisco). Certifications must be current and maintained throughout the period of performance.

Nice To Haves

• Experience in a DoD, Intelligence Community, or Federal Government IT environment.
• Familiarity with ITIL service management practices.
• Experience with Tanium, Splunk, or other endpoint compliance and SIEM tooling.
• Familiarity with Continuous Monitoring (CONMON), Cyber Hygiene, and JFHQ-DODIN operations.
• Experience supporting Authorizing Official (AO) packages and ATO submissions.
• Familiarity with cloud RMF (DoD Cloud Computing Security Requirements Guide, FedRAMP) and applicable overlays.
• Knowledge of cloud platforms (Microsoft Azure Government, AWS GovCloud) and hybrid infrastructure environments.
• Experience with PowerShell, Python, or other scripting languages for compliance automation.
• Knowledge of DoD Identity, Credential, and Access Management (ICAM) frameworks.
• Certified Authorization Professional (CAP) or Governance, Risk and Compliance Certification (CGRC).
• Certified Information Systems Security Professional (CISSP).
• Certified Information Security Manager (CISM).
• eMASS user training completion.
• ACAS Vulnerability Management certification.

Responsibilities

• Execute RMF activities in accordance with DoD Instruction 8510.01 across the six RMF steps: Categorize, Select, Implement, Assess, Authorize, and Monitor.
• Develop, review, and maintain System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Assessment Reports (SARs), and supporting Assessment and Authorization (A&A) artifacts.
• Coordinate with system owners and engineering teams to capture system descriptions, accreditation boundaries, data flows, and information types in accordance with CNSSI 1253 and NIST SP 800-53.
• Support ATO sustainment, reauthorization, and ongoing authorization activities for assigned accreditation boundaries.
• Administer the Enterprise Mission Assurance Support Service (eMASS) including system registration, control implementation status updates, artifact uploads, and workflow routing to the assessor and Authorizing Official.
• Execute continuous monitoring activities including control reassessment, configuration drift analysis, and recurring evidence collection to maintain authorization currency.
• Maintain accurate mappings between deployed technical controls, NIST SP 800-53 control statements, and DoD overlays so that compliance evidence is traceable end-to-end.
• Develop, track, and update Plan of Action and Milestones (POA&Ms) on the cadence required by Government leadership.
• Coordinate with technical SMEs to scope remediation actions, validate completion, and submit milestone updates.
• Conduct root cause analysis for repeat findings and recommend systemic controls to drive down the vulnerability backlog.
• Develop and submit follow-on POA&Ms after Government inspections, audits, or assessments within Government-required timelines.
• Prepare risk acceptance packages where remediation is not feasible and coordinate Government approval through the appropriate authority.
• Conduct STIG compliance assessments using SCAP-based tools, STIG Viewer, and manual checks against deployed systems.
• Develop and maintain schedules for manual STIG checks and ensure recurring execution by responsible technical teams.
• Analyze ACAS / Nessus vulnerability scan output, develop weekly scan analysis reports, and coordinate remediation with system owners.
• Track new Information Assurance Vulnerability Management (IAVM) advisories and STIG releases; produce recurring metrics on coverage and remediation status.
• Maintain assigned accreditation boundaries at a non-critical vulnerability posture as defined by Government quality standards and report any deviations to leadership.
• Acknowledge receipt of TASKORDs, OPORDs, and other Government cyber tasking within the required response window.
• Decompose Government cyber tasking into actionable work, assign to responsible parties, and track to closure with auditable evidence.
• Coordinate with system administrators and engineering teams to validate compliance of new deployments and produce recurring reporting on deployment, software introduction, and patching tool status.
• Track DoD 8570.01-M and DoD 8140 workforce certification compliance for cyber personnel; coordinate certification renewals and provide monthly compliance reporting to the cybersecurity team.
• Ensure all assigned systems maintain compliance with DoD Security Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alerts (IAVAs), and applicable Command Cyber Tasking Orders (CCTOs).
• Support cybersecurity incident response activities including evidence collection, timeline reconstruction, and after-action reporting.
• Participate in cybersecurity coordination calls, RMF working groups, and Government-led security reviews.
• Adhere to DoD 8570.01-M / DoD 8140 Information Assurance workforce requirements applicable to the assigned role.
• Develop, update, and maintain SOPs, Work Instructions (WIs), and technical documentation for all supported compliance functions.
• Provide status updates, incident reports, and After Action Reports (AARs) as required by Government leadership.
• Participate in configuration change control board (CCB) processes; ensure security impact of changes is assessed prior to approval.
• Collaborate with network, cybersecurity, storage, and application teams to resolve cross-functional compliance issues.
• Provide content for recurring leadership briefings on RMF status, ticket metrics, vulnerability posture, and SLA impact.
• Provide technical support and training to end users and junior staff as needed.

Benefits

• Competitive salary based on experience
• Comprehensive benefits package including health, dental, vision, and retirement plans
• Paid time off and holidays