Risk Management Framework Engineer

About The Position

Requirements

• Risk Management Framework (RMF) lifecycle experience: all or most phases, including POA&M and continuous monitoring.
• ATO Process expertise: system support authorization, reauthorization and continuous compliance.
• Security control implementation based on NIST SP 800-53
• Experience with using ServiceNOW
• Bachelor’s in computer science, Cybersecurity, or information technology, or a related field
• At least 3-5 years of experience
• Active TS/SCI with a current CI Polygraph
• BS in Computer Science, Cyber Security, or related field.
• Demonstrated hands-on experience executing the RMF lifecycle (all or most phases).
• Familiarity with federal cybersecurity compliance environments
• One of more of the following active security certifications such as: CompTIA Security+, CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CIAM (Certified Identity and Access Manager).

Nice To Haves

• Familiarity with current Information Assurance (IA) and cybersecurity tools such as vulnerability management and scanning tools
• Experience with assessing security requirements and evaluating systems for gaps in security requirements.

Responsibilities

• Lead and support all phases of the Risk Management Framework (RMF) process in accordance with NIST SP 800-37, NIST SP 800-53 Security and Privacy Controls and related standards.
• Develop, maintain, and update RMF documentation including: System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
• Coordinate security authorization packages for ATO decisions.
• Work closely with system engineers, network administrators, program managers, and security leadership.
• Participate in security working groups, technical reviews, and compliance audits.
• Communicate security posture and risk status to technical and non-technical stakeholders.