Risk Management Framework (RMF) Specialist

About The Position

Requirements

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
• Must possess or be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
• Ability to obtain and maintain a Top Secret/SCI security clearance.
• Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
• In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
• Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
• Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
• Strong problem-solving skills and the ability to troubleshoot database issues effectively.
• Excellent communication and collaboration skills for cross-team efforts.
• Employment is contingent upon successful completion of a background check and drug screening.

Responsibilities

• Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
• Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
• Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
• Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
• Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
• Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
• Support internal and external audits, reviews, and inspections related to information system security.
• Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed.

Benefits

• medical
• dental
• life insurance
• FTO
• 401(k)
• professional development/advancement opportunities