Platform Security & RMF Lead

About The Position

Requirements

• 10+ years of information assurance or security engineering experience with increasing seniority
• 5+ years of hands-on ownership of RMF / ATO packages for DoD production systems, including at least one full authorization cycle (categorization → controls → implementation → assessment → authorization → ConMon).
• Deep familiarity with DoD security frameworks, RMF processes, and NIST 800-53 controls
• Proven ability to operate in complex, multi-enclave or classified environment
• US Citizenship Required
• Active Secret Clearance

Nice To Haves

• Active TS/SCI Clearance
• Experience supporting USMC or Service-level network environments
• Experience with ATO inheritance, reciprocity, or common control provider model
• Experience with cross-domain solutions or multi-level security architectures
• Familiarity with Palantir Foundry or Anduril Lattice environments
• Prior experience as an ISSO, SCA, or in a similar senior DoD security role

Responsibilities

• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams
• Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoDI 8510.01 and NIST 800-53
• Coordinate with eMASS and Authorizing Officials on assessment and authorization activities
• Lead continuous monitoring and reauthorization efforts across the system lifecycle
• Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge)
• Evaluate and guide selection of DoD-approved cross-domain solutions
• Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON)
• Review system architecture to ensure compliant handling of classified data flows
• Support secure operation across NIPR, SIPR, and higher classification environments
• Define authorization approaches (inheritance vs. standalone ATOs) across enclaves
• Ensure security posture scales without requiring fundamentally different architectures
• Maintain alignment with evolving joint and service-level security requirements
• Serve as the authoritative internal resource for DoD security and RMF-related questions
• Advise on container security, RBAC, service mesh security, PKI/CAC integration, and secrets management
• Define expectations for security scanning, container hardening, and vulnerability management (without owning the pipeline)
• Evaluate new capabilities for security and authorization impacts prior to production deployment

Benefits

• A fully remote, results-based environment
• Competitive salary, bonus, and equity package
• 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
• Unlimited PTO, with your manager’s approval
• Flexible work environment where you manage your work day
• 14 weeks of fully-paid parental leave