Information Assurance (RMF) Security Specialist

Markon

1d•Onsite

About The Position

Markon is seeking a Senior-level Information Assurance Security (RMF) Specialist for our client in Chantilly, VA. This role ensures systems are securely authorized to operate (ATO) by applying security controls, documenting compliance, and coordinating with technical and security stakeholders throughout the system lifecycle.

Requirements

Active TS/SCI with a current CI Polgraph (preferrably from this client).
BS in Computer Science, Cyber Security, or related field.
Demonstrated hands-on experience executing the RMF lifecycle (all or most phases).
Current, active security certification such as: CompTIA Security+, CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CIAM (Certified Identity and Access Manager).
Familiarity with federal cybersecurity compliance environments.
Ability to operate independently and contribute immediately upon assignment.

Nice To Haves

Master's Degree in Computer Science or Cyber Security.
Experience with cloud security RMF (e.g., AWS GovCloud, Azure Government).
Strong analytical, documentation, and communication skills.
Prior experience supporting ATO packages in enterprise environments.

Responsibilities

Lead and support all phases of the Risk Management Framework (RMF) process in accordance with NIST SP 800-37 and related standards.
Develop, maintain, and update RMF documentation including: System Security Plans (SSPs), Security Assessment Reports (SARs), Plans of Action and Milestones (POA&Ms), Continuous Monitoring Strategies.
Coordinate security authorization packages for Authorization to Operate (ATO) decisions.
Apply and validate security controls based on NIST SP 800-53 and organizational overlays.
Conduct control assessments and support independent security assessments and audits.
Identify security gaps and recommend remediation actions.
Familiarity with current Information Assurance (IA) and cybersecurity tools such as vulnerability management and scanning tools.
Interpret scan results and drive remediation efforts with system owners and engineers.
Support continuous monitoring programs to ensure ongoing compliance with security controls.
Track vulnerabilities, risks, and mitigation progress through POA&M management.
Provide risk-based recommendations to system owners and Authorizing Officials (AOs).
Work closely with system engineers, network administrators, program managers, and security leadership.
Participate in security working groups, technical reviews, and compliance audits.
Communicate security posture and risk status to technical and non-technical stakeholders.