IT - Security
Alexandria, VA (On-Site/Office)
We're looking for a DoD RMF Security Engineer to join our team. This role is an opportunity to directly support mission-critical defense initiatives by ensuring secure systems, compliance with federal standards, and effective risk management. If you enjoy solving complex security challenges and working in a collaborative environment, this position offers both impact and growth.
Work Location: Hybrid - average 1 day per week onsite at the Mark Center in Virginia (minimum 1 day/month)
What You'll Work On
- Provide end-to-end Assessment & Authorization (A&A) support for DoD cybersecurity, privacy, and financial control initiatives
- Interpret risks and recommend solutions to meet DoD compliance and cybersecurity requirements under the NIST RMF and DoD Policy
- Map, implement, interpret, and document RMF security controls
- Manage the eMASS cybersecurity management tool
Requirements:
- 5 years of relevant RMF/Security Engineering experience, to include:
  - Experience in mapping, implementing, interpreting, and documenting RMF security controls
  - Experience managing the eMASS cybersecurity management tool
  - Experience developing and submitting at least six (6) ATO packages
- Current Secret Clearance
- IAT Level II (i.e., Security+)
Additional Role Requirements
- Strong knowledge of the Risk Management Framework (RMF) lifecycle within the federal government, including all A&A phases
- Experience supporting client risk management tasks such as:
  - Managing POA&Ms
  - Conducting Security Tests and Evaluations (ST&E)
  - Creating system documentation
  - Performing authorizations and risk assessments
  - Handling third-party audits
  - Ensuring compliance with NIST 800-53 standards
  - Performing threat assessments
- Ability to plan and monitor security control implementation to protect networks, enclaves, and systems
- Skilled in generating and interpreting ACAS scans to identify vulnerabilities and support remediation efforts
- Hands-on experience implementing and evaluating STIGs, SCAP, and SCAP Compliance Checker (SCC)
- Familiarity with A&A application platforms such as eMASS, CSAM, Xacta
- Prior technical background (e.g., system or network administrator) is a plus
This role is ideal for someone who thrives in a mission-driven environment, values collaboration, and is passionate about strengthening cybersecurity for critical defense systems.