Senior RMF & ATO Engineer

i4DMMillersville, MD

About The Position

We are seeking an experienced Senior RMF & ATO Security Engineer to serve as the technical cybersecurity lead responsible for implementing and maintaining Risk Management Framework (RMF), Authorization to Operate (ATO), and continuous monitoring activities supporting a mission-critical cloud-native platform within the Department of Veterans Affairs (VA). This is a hands-on engineering role that partners closely with Cloud Engineers, DevSecOps Engineers, Site Reliability Engineers, Solution Architects, and Government cybersecurity stakeholders to integrate security throughout the system lifecycle. The Senior RMF & ATO Security Engineer will engineer security controls, automate compliance validation, support secure cloud deployments, and ensure continuous authorization through effective implementation of Federal cybersecurity requirements.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
  • 7+ years supporting RMF, ATO, cybersecurity engineering, or cloud security in Federal environments.
  • Strong knowledge of NIST SP 800-53, RMF, FISMA, HIPAA, and VA cybersecurity requirements.
  • Experience with AWS, Kubernetes, Docker, Terraform, and CI/CD security integration.
  • Experience with vulnerability management, POA&M tracking, and continuous monitoring.
  • CISSP, CISM, or equivalent certification.
  • Eligible to obtain and maintain a Public Trust clearance.

Nice To Haves

  • AWS GovCloud experience.
  • Experience with eMASS, SNOWCAM, Nessus, Security Hub, GuardDuty, Vault, Prometheus, Grafana, ELK, or Splunk.
  • Experience securing healthcare platforms handling PHI.
  • Experience supporting Kafka/MSK and event-driven architectures.

Responsibilities

  • Implement security controls required throughout the NIST RMF lifecycle.
  • Engineer technical solutions supporting Categorize, Select, Implement, Assess, Authorize, and Monitor activities.
  • Develop and maintain SSPs, POA&Ms, Security Assessment Reports, contingency plans, and authorization artifacts.
  • Implement continuous monitoring processes, vulnerability management, and compliance reporting.
  • Integrate SAST, DAST, container scanning, IaC validation, and other security automation into CI/CD pipelines.
  • Collaborate with Cloud, DevSecOps, SRE, and software engineering teams to implement secure cloud-native architectures.
  • Review AWS and Kubernetes environments for compliance with NIST SP 800-53 and VA security requirements.
  • Participate in incident response, root cause analysis, and corrective action implementation.
  • Support security audits, assessments, and ATO renewals by producing technical evidence and documentation.
  • Mentor junior engineers on RMF implementation and cloud security best practices.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service