Cyber RMF Engineer

Core4ce is seeking a seasoned Cyber RMF Engineer with extensive experience supporting cloud environments and enabling Continuous ATO (cATO) for DoD and Federal systems. The ideal candidate will be an expert in Risk Management Framework (RMF) execution, security control implementation, evidence development, and guiding programs through the full security lifecycle-from initial assessment through authorization and continuous monitoring. This role will work closely with mission partners, engineering teams, ISSOs/ISSMs, and government Authorizing Officials to ensure secure, compliant, and resilient architectures in both on-prem and cloud (AWS) environments.

Responsibilities:

• Manage and optimize the full lifecycle of RMF activities (Categorization → Continuous Monitoring) for cloud and hybrid systems.
• Manage and support Continuous ATO (cATO) processes, including security baselines, real-time monitoring, automated evidence generation, and responding to risk indicators.
• Develop, update, and maintain RMF documentation, including SSPs, SARs, RARs, POA&Ms, eMASS entries, and body-of-evidence artifacts.
• Conduct security control assessments, validate technical and procedural controls, and ensure alignment with NIST SP 800-53, CNSSI 1253, and DoD Cloud SRG requirements.
• Work with cloud engineers and DevSecOps teams to integrate security into CI/CD pipelines, automated testing, and secure configuration management.
• Support system architecture reviews and recommend enhancements related to cybersecurity, compliance, and risk mitigation.
• Provide security engineering guidance and SME support to program leadership, developers, system owners, and stakeholders.
• Coordinate with AOs, SCA teams, ISSOs, ISSMs, and external auditors to facilitate authorization decisions.
• Track vulnerabilities, remediation efforts, patch management, and ongoing risk posture.
• Conduct continuous monitoring activities including log review, incident response coordination, and security performance reporting.

Qualifications:

• Ability to obtain and maintain a Secret security clearance.
• Ability to obtain and maintain a DoD 8570 IAT Level II Certification.
• 5+ years of experience in cybersecurity engineering or RMF roles.
• Proven success obtaining or maintaining ATO or Continuous ATO for DoD or Federal cloud systems.
• Strong knowledge of:
• NIST RMF, NIST 800-53, FISMA, DoD 8510.01
• Cloud security frameworks and DoD Cloud SRG
• eMASS or equivalent compliance tools
• Hands-on experience with AWS security services, architecture, and configuration.
• Deep understanding of vulnerability management, security architecture, system hardening (STIGs/SRGs), and secure engineering practices.
• Ability to translate technical risk findings into clear recommendations for leadership.

Preferred Qualifications:

• Experience supporting DevSecOps, CI/CD pipelines, and automated security testing.
• Knowledge of Zero Trust Architecture (ZTA), cloud-native security tools, and container security (Kubernetes, Docker).
• Prior experience working with government AOs, SCAs, ISSMs, and cyber compliance teams.
• Certifications:
• CISSP-ISSAP/ISSEP, CCSP
• AWS cloud certifications
• RMF/CAP or similar compliance certifications

Why Work for Us?

Core4ce is a team of innovators, self-starters, and critical thinkers-driven by a shared mission to strengthen national security and advance warfighting outcomes.

We offer:

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage-employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.

Join us to build a career that matters-supported by a company that invests in you.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.