Cybersecurity RMF/ATO Sustainment Consultant

About The Position

Requirements

• Minimum 8 years of cybersecurity, RMF, ISSO, or ISSM experience OR Master’s degree with 4+ years of directly relevant experience.
• Proven consulting or advisory experience supporting multi-cloud ATO environments and on-premise ATOs for simulation or VR systems.
• Extensive experience with eMASS documentation and RMF sustainment activities.
• Demonstrated proficiency with ACAS, HBSS, Nessus, SCAP, and STIG Viewer.
• Strong working knowledge of NIST RMF and continuous monitoring frameworks.
• CompTIA Security+ required (active throughout the engagement).
• Contractor must operate as an independent business entity.
• Contractor retains discretion regarding how and when work is performed to meet deliverable deadlines.
• Contractor may perform services for other clients concurrently, provided no conflict of interest exists.
• Contractor may engage qualified personnel or subcontractors, subject to Government security and access requirements.

Nice To Haves

• Former DoD, Air Force, or federal cybersecurity professional with RMF consulting experience.
• Enterprise cybersecurity consultant specializing in ATO sustainment and compliance.
• Self-directed professional with strong documentation discipline.
• Comfortable operating with minimal supervision and high accountability for deliverables.
• Mission-oriented consultant able to rapidly assess and stabilize compliance posture.

Responsibilities

• Review existing ATO packages for multiple cloud-based environments and on-premise virtual reality or simulation systems.
• Develop and update RMF documentation artifacts aligned to RMF Steps 1–7.
• Provide sustainment recommendations for eMASS packages, SSPs, POA&Ms, and continuous monitoring strategies.
• Assess accreditation documentation for alignment with Air Force and DoD cybersecurity standards.
• Advise Government and project stakeholders on RMF compliance posture and risk mitigation strategies.
• Conduct independent assessments of cybersecurity controls and risk posture.
• Perform vulnerability assessment analysis using ACAS, Nessus, HBSS, SCAP, and STIG benchmarks.
• Provide written remediation recommendations for identified vulnerabilities and IAVAs.
• Assess incident response processes and provide improvement recommendations.
• Review firewall configurations, patch management practices, and access governance from a compliance standpoint.
• Produce consulting deliverables such as RMF sustainment assessment summaries, ATO readiness gap analyses, risk management plans and compliance roadmaps, and SOP and process improvement recommendations.
• Provide compliance advisory support aligned with NIST SP 800-53, NIST SP 800-171, DoDI 8510.01 (RMF), DFARS cybersecurity requirements, and DoD 8570 / 8140 guidance.
• Conduct third-party software security review assessments and vendor risk analyses as requested.

Benefits

• All federal, state, and local tax obligations
• Insurance, benefits, and business expenses
• No overtime, benefits, or employee entitlements apply