RMF Risk Assessor

Dark Wolf Solutions
Colorado Springs, CO
$120,000 - $160,000
Hybrid

About The Position

Dark Wolf Solutions is seeking an experienced RMF Security Assessor with expertise in the Risk Management Framework (RMF) to join our team. The successful candidate will have a strong understanding of security risks and compliance requirements, particularly within the Defense Industrial Base (DIB). As a Security Assessor, you will leverage your experience with the RMF, risk assessment methodologies, and vulnerability management to help our client streamline processes, improve systems, and enhance product delivery and lifecycle management. This role has a significant impact on the program, helping teams navigate the cATO and deployment processes efficiently while maintaining high standards of security and compliance.

Requirements

  • 6+ years of relevant experience in providing RMF expertise and security risk assessments, with an emphasis on cloud security.
  • Experience in cATO and Fast Track ATO processes and procedures.
  • A Certified Kubernetes Administrator (CKA) certification is highly desirable to understand risks in containerized application environments.
  • Previous experience in security risk assessment and management, especially in cloud-based systems.
  • Ability to meticulously assess security risks and ensure compliance with client and program requirements.
  • Strong verbal and written communication skills to effectively collaborate with cross-functional teams and stakeholders.
  • Proactive approach to identifying and mitigating risks in systems and processes.
  • Bachelor’s degree in Statistics, Mathematics, Computer Science, or another related field.
  • US citizenship and ability to obtain a Secret security clearance.

Nice To Haves

  • DoD experience strongly encouraged, followed by IC and Fed Civilian.
  • Experience assessing DIB organizations or working with federal cybersecurity regulations (NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP).
  • Relevant certifications such as CISSP, CISA, CISM, Security+, or equivalent.
  • Experience with vulnerability scanning tools and techniques, including but not limited to Trivy, SonarQube, and Tenable Security Center.

Responsibilities

  • Applying the Risk Management Framework (RMF) to assess and evaluate DIB organizations and their cloud-based applications.
  • Reviewing and analyzing security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms), for RMF compliance.
  • Conducting comprehensive risk assessments to identify, analyze, and evaluate cybersecurity risks to DIB organizations, particularly those operating in cloud environments.
  • Evaluating vulnerability management programs to determine their effectiveness in identifying and mitigating security weaknesses.
  • Assessing Defense Industrial Base (DIB) and potential DIB companies for adherence to Federal cybersecurity policies, standards, and best practices, including but not limited to NIST SP 800-53, NIST SP 800-171, CMMC 2.0, and FedRAMP requirements.
  • Overseeing the continuous Authorization to Operate (cATO) assessment process for multiple applications.
  • Ensuring applications going into production minimize risk and comply with client and program policies and requirements.
  • Assessing and mitigating risks associated with the deployment and operation of applications in cloud environments.
  • Collaborating with cross-functional teams to manage the lifecycle of various capabilities, from configuration to enhancement and development.
  • Overseeing data management processes to ensure data integrity and security.
  • Providing support for ongoing operations and maintenance of systems to ensure security and compliance.
  • Applying HCD methodologies to the design and development of products, ensuring user-centric solutions.