Risk Management Framework (RMF) Subject Matter Expert (SME)

Abacus Technology | Bedford, MA
$149,000 - $167,100 | Onsite

About The Position

Abacus Technology is seeking a Risk Management Framework (RMF) Subject Matter Expert (SME) to support the Wing Cyberspace Office (WCSO) in managing and executing DoD Risk Management Framework processes at Hanscom AFB. This is a full-time position.

Requirements

  • 10+ years of experience in cyber security, with a strong emphasis on Risk Management Framework (RMF) within the DoD or Federal environment.
  • Bachelor’s degree in a related field. Additional years of experience may be substituted for degree requirements.
  • Must be Security+ certified.
  • Extensive experience with DoD RMF processes, ATO lifecycle management, and continuous monitoring.
  • Demonstrated expertise in eMASS and RMF package development and management.
  • Strong knowledge of Air Force, DoD, and Federal cyber security directives, policies, and instructions.
  • Hands-on experience conducting security control assessments, vulnerability management, and POA&M tracking.
  • Experience supporting cyber security inspections (e.g., CCRI, IG inspections, SAVs).
  • Able to interpret and implement STIGs, security guidance, and vulnerability remediation requirements.
  • Strong ability to work independently and collaboratively, providing technical leadership across multiple stakeholders.
  • Excellent communication skills, with the ability to translate complex cyber security concepts into actionable guidance.
  • Must be a US citizen and hold a current Secret clearance.

Nice To Haves

  • CISSP certification preferred.

Responsibilities

  • Serve as the lead RMF Subject Matter Expert supporting the Wing Cyberspace Office (WCSO) for all systems and enclaves within the base enterprise.
  • Lead the management, implementation, and execution of the Risk Management Framework (RMF) lifecycle (Categorize, Select, Implement, Assess, Authorize, and Monitor) for supported systems.
  • Develop, maintain, and validate RMF artifacts within Enterprise Mission Assurance Support Service (eMASS) to ensure completeness, accuracy, and compliance with DoD and Air Force requirements.
  • Provide expert guidance to ISSMs, ISSOs, and system owners on ATO packages, reauthorization efforts, and continuous monitoring strategies.
  • Ensure continuous compliance with DoD, Air Force, NSA, and NIST cybersecurity policies and directives, including NIST SP 800-53 and DoDI 8510.01.
  • Conduct risk assessments and security control evaluations, recommending mitigation strategies to reduce risk to acceptable levels.
  • Review and validate Security Technical Implementation Guides (STIGs), vulnerability alerts, and cybersecurity directives for implementation across supported systems.
  • Support Authorization to Operate (ATO), Authority to Connect (ATC), and Interim Authorization (IATT) processes as required.
  • Develop and manage Plans of Action & Milestones (POA&Ms) and track remediation efforts to closure.
  • Provide direct support during cybersecurity inspections and audits (e.g., CCRI, IG, SAV), including preparation, execution, and remediation.
  • Advise on system architecture, boundary definitions, and control inheritance to improve RMF efficiency and cybersecurity posture.
  • Collaborate with network, system, and cybersecurity teams to ensure secure integration and sustainment of systems.
  • Analyze and report cybersecurity posture metrics and trends, providing recommendations for continuous improvement.
  • Mentor and provide RMF training and knowledge transfer to cybersecurity staff and stakeholders across the Wing.

Benefits

  • Health and Dental Insurance
  • 401(k) and Matching
  • Life Insurance
  • Short- and Long-Term Disability
  • Paid Time Off
  • Paid Holidays
  • Professional Membership, Technical Training, Certification, and Education Assistance