RMF / ATO Automation Lead

About The Position

Requirements

• US citizenship with the ability to obtain a Secret security clearance
• Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field (or equivalent experience).
• 15+ years of experience supporting RMF, ATO, or cybersecurity compliance efforts within DoD or IC environments.
• Demonstrated experience leading ATO and/or cATO efforts for complex systems or enclaves.
• Hands-on experience with eMASS, including package development, workflow management, and approvals.
• Proven experience supporting systems at Impact Level 5 (IL5) and/or Impact Level 6 (IL6).
• Ability to obtain and maintain a U.S. Government security clearance (active clearance preferred).
• Deep expertise in RMF for DoD systems, including control implementation, assessment, and authorization.
• Strong working knowledge of eMASS, RMF workflows, and AO expectations.
• Experience automating security and compliance tasks using tools such as Ansible, Terraform, and SCAP tooling.
• Proficiency with cloud security in Oracle Cloud Infrastructure (OCI), including OCI Logging Analytics (OCI LA).
• Familiarity with containerized and cloud-native environments, including Docker and Kubernetes.
• Experience integrating SIEM tools and log analytics to support continuous monitoring.
• Solid understanding of DevSecOps methodologies and embedding security into CI/CD pipelines.
• Strong documentation, communication, and stakeholder management skills, with the ability to translate compliance requirements into technical solutions.
• Ability to operate independently as a senior lead while mentoring junior RMF or security staff.

Responsibilities

• Lead the end-to-end RMF accreditation and ATO lifecycle for assigned enclaves, including initial ATO and continuous ATO (cATO).
• Implement and assess security controls in accordance with CNSSI 1253, NIST SP 800-171, and NIST SP 800-53 / 800-59 as applicable.
• Author, maintain, and update RMF documentation including System Security Plans (SSPs), POA&Ms, security assessments, and supporting artifacts.
• Manage ATO submission packages and navigate eMASS approval chains, coordinating with ISSOs, ISSEs, AO representatives, and government stakeholders.
• Design and implement automation strategies to streamline compliance, control validation, evidence collection, and continuous monitoring.
• Support DevSecOps-driven cATO processes, integrating security controls into CI/CD pipelines.
• Lead and support continuous monitoring activities, including vulnerability management, log analysis, and control effectiveness reporting.
• Architect and support Identity and Access Management (IAM) federation solutions within Oracle Cloud Infrastructure (OCI).
• Partner with engineering, cloud, and security teams to ensure RMF requirements are embedded into system architecture and operational processes.
• Provide expert guidance on operating in IL5/IL6 classified and regulated cloud environments.

Benefits

• Comprehensive Health, Dental, and Vision plans
• Premier 401k retirement plan with corporate matching and a 529 college saving plan
• Tax-advantaged Health Savings Account and Dependent Care Flexible Spending Account options
• Legal Resources
• Generous work/life balance opportunities supported by a PTO bank, paid holidays, leave programs and additional flex time off
• Employee referral program
• Employee recognition, gift and reward program
• Tuition reimbursement for continuing education
• Remote or hybrid work options
• Engaging company events such as team building activities, annual awards and kick-off parties
• Health and wellness-focused activities
• Relaxation Spaces
• In-office gourmet coffee, tea, fresh fruit and healthy snacks