Sr. RMF Security Engineer

Leidos•San Diego, CA

13d•Onsite

About The Position

Leidos has a new and exciting opportunity for a Sr. RMF Security Engineer in our National Security Sector's (NSS) Cyber & Analytics Business Area (CABA). Our talented team is at the forefront in Security Engineering, Computer Network Operations (CNO), Mission Software, Analytical Methods and Modeling, Signals Intelligence (SIGINT), and Cryptographic Key Management. At Leidos, we offer competitive benefits, including Paid Time Off, 11 paid Holidays, 401K with a 6% company match and immediate vesting, Flexible Schedules, Discounted Stock Purchase Plans, Technical Upskilling, Education and Training Support, Parental Paid Leave, and much more. Join us and make a difference in National Security! Primary Responsibilities: Leidos is seeking a Sr. Risk Management Framework (RMF) Security Engineer to support a project at a Navy base in San Diego. This position will play a critical role in ensuring that information systems comply with federal cybersecurity standards, particularly within the U.S. Department of Defense (DoD) cyber community. The RMF Security Engineer will guide the project through the RMF lifecycle, which includes categorizing information systems based on risk, selecting and implementing appropriate security controls (per NIST SP 800-53 or DoD-specific requirements), and assessing those controls for effectiveness. The RMF Security Engineer will conduct continuous monitoring, identify vulnerabilities, address compliance gaps, and ensure systems remain secure against evolving threats. The RMF Security Engineer will act as a technical advisor and problem solver, bridging the gap between cybersecurity policy and system implementation. Will perform risk assessments, analyze security test results, and recommend mitigation strategies to address findings—whether through configuration changes, tool updates, or process improvements. This position is 100% on site at the Navy base.

Requirements

Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science or related field. BS with 12+ years’ experience or MS with 10+ years’ experience. Will consider work experience in lieu of a degree.
DoD 8570 approved security certification (i.e., Security +) (Will be required 90 days after hire).
Position requires US citizenship and an active Secret DoD security clearance.
RMF Compliance Expertise: Deep knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FedRAMP, and DoD Instruction 8510.01 (DIARMF).
Security Assessment & Authorization (SA&A): Experience preparing System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action & Milestones (POA&M).
Conducting risk assessments, vulnerability scans, and penetration testing.
eMASS (Enterprise Mission Assurance Support Service)
SCAP tools (e.g., Nessus, Tenable.sc, OpenSCAP).
SIEM tools (e.g., Splunk, ArcSight).
STIG compliance (DISA STIGs, SCAP benchmarks)

Nice To Haves

Python, Bash, PowerShell for automation
AI/ML in RMF
Zero Trust Integration: Understanding NIST SP 800-207 (Zero Trust Architecture) and how it intersects with RMF.
CMMC 2.0.
COMSEC Understanding
CISSP Certification