Security/RMF Specialist

Nationwide IT Services | Alexandria, VA
3d | Hybrid

About The Position

Nationwide IT Services (NIS) is seeking a Security/RMF Specialist for the following potential opportunity. Execute and manage the full NIST RMF lifecycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Support system authorization efforts, including: Initial ATO, ATO renewals, Significant change packages, Continuous ATO (cATO) initiatives where applicable. Ensure compliance with: NIST SP 800-53 (Rev 4/5), FedRAMP Moderate / High, FISMA, DoD RMF / DoD Cloud Computing Security Requirements Guide (SRG). Assess and monitor cloud security configurations across AWS services such as: IAM, VPC, Security Groups, NACLs, CloudTrail, CloudWatch, Config, KMS, S3, RDS, ECS/EKS (as applicable). Ensure proper implementation of: Least privilege access, Encryption at rest and in transit, Logging, monitoring, and alerting, Boundary protection, and network segmentation. Track remediation activities and manage POA&Ms through closure. Perform risk assessments and provide risk-based recommendations to system owners and Authorizing Officials (AOs). Advise program leadership on security posture, risks, and mitigation strategies.

Requirements

  • Active Secret Required
  • CISSP, CAP, CISM, or Security+ certification required

Nice To Haves

  • Active Secret Clearance Preferred
  • Bachelor’s Degree in Computer Science or Information Systems
  • 5+ years of experience in information security, with 3+ years supporting RMF and federal compliance efforts.
  • Strong working knowledge of: NIST RMF, CCSRG, NIST SP 800-53, FedRAMP, FISMA.
  • Experience authoring and maintaining RMF documentation (SSP, POA&M, SAR).
  • CISSP, CAP, CISM, or Security+ certification.

Responsibilities

  • Execute and manage the full NIST RMF lifecycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor).
  • Support system authorization efforts, including: Initial ATO, ATO renewals, Significant change packages, Continuous ATO (cATO) initiatives where applicable.
  • Ensure compliance with: NIST SP 800-53 (Rev 4/5), FedRAMP Moderate / High, FISMA, DoD RMF / DoD Cloud Computing Security Requirements Guide (SRG)
  • Assess and monitor cloud security configurations across AWS services such as: IAM, VPC, Security Groups, NACLs, CloudTrail, CloudWatch, Config, KMS, S3, RDS, ECS/EKS (as applicable)
  • Ensure proper implementation of: Least privilege access, Encryption at rest and in transit, Logging, monitoring, and alerting, Boundary protection, and network segmentation.
  • Track remediation activities and manage POA&Ms through closure.
  • Perform risk assessments and provide risk-based recommendations to system owners and Authorizing Officials (AOs).
  • Advise program leadership on security posture, risks, and mitigation strategies.

Benefits

  • medical, dental, and vision insurance
  • life and disability insurance
  • 401(k) plan with employer match
  • paid holidays
  • PTO (sick/vacation)
  • commuter benefits
  • employee assistance program (EAP)
  • educational reimbursement
  • Pet Insurance