Risk Management Framework (RMF) Specialist

NV5•Saint Louis, MO

23h•Onsite

About The Position

Seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force’s information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context. Work Environment: Location: Scott Air Force Base - Belleville, IL (This is not a remote position) Security Clearance: Must possess or be able to obtain and maintain a Top Secret/SCI clearance. Travel < 20% of the time. NV5 is a global technology solutions and consulting services company with a workforce of over 4,500 professionals in more than 100 offices worldwide. NV5’s continued growth has been spurred through strategic investments in firms with unique capabilities to help current and future customers solve the world’s toughest problems. The NV5 family brings together talent across a wide range of markets and fields, including Professional Engineers, Professional Land Surveyors, Architects, Photogrammetrists, GIS Professionals, Software Developers, IT, Project Management Professionals, and more. At NV5 Geospatial, we are a collaboration of intelligent, innovative thinkers who care for each other, our communities, and the environment. We value both heart and head, the diversity of our people, and their experiences because that is how we continue to grow as a leader in our industry and expand our individual and collective potential.

Requirements

Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
Must possess or be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
Ability to obtain and maintain a Top Secret/SCI security clearance.
Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
Strong problem-solving skills and the ability to troubleshoot database issues effectively.
Excellent communication and collaboration skills for cross-team efforts.
Employment is contingent upon successful completion of a background check and drug screening.

Responsibilities

Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
Support internal and external audits, reviews, and inspections related to information system security.
Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed.