Cyber RMF Specialist

SHR CONSULTING GROUP, LLC

Posted today

Job Requirements

Location: Pentagon, DC
Clearance: Secret
Polygraph: not specified
Career Level: not specified
Salary: not specified

Job Description

We are a rapidly growing organization seeking an experienced Cyber RMF Specialist to provide IT expertise in support of a DISA environment. This position is responsible for executing the DoD Risk Management Framework (RMF) and broader cyber compliance functions across the assigned IT portfolio. The Cyber RMF Specialist ensures that systems, accreditation boundaries, and supporting processes are properly assessed, documented, monitored, and maintained, and that the resulting compliance posture adheres to DoD security standards, organizational values, and contractual performance requirements.

This role supports Government customers across one or more classification domains and may require work across standard business hours or on a shift/rotational schedule depending on task order requirements. The Cyber RMF Specialist works in close partnership with system owners, system administrators, the cybersecurity team, and the Authorizing Official's staff to ensure systems achieve and sustain Authorization to Operate (ATO) status and remain compliant with all applicable DoD, CYBERCOM, and DISA policies, directives, and orders.

Duties will vary based on position and area of focus:

Risk Management Framework (RMF) Execution

• Execute RMF activities in accordance with DoD Instruction 8510.01 across the six RMF steps: Categorize, Select, Implement, Assess, Authorize, and Monitor.

• Develop, review, and maintain System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Assessment Reports (SARs), and supporting Assessment and Authorization (A&A) artifacts.

• Coordinate with system owners and engineering teams to capture system descriptions, accreditation boundaries, data flows, and information types in accordance with CNSSI 1253 and NIST SP 800-53.

• Support ATO sustainment, reauthorization, and ongoing authorization activities for assigned accreditation boundaries.

• eMASS Administration: Administer the Enterprise Mission Assurance Support Service (eMASS) including system registration, control implementation status updates, artifact uploads, and workflow routing to the assessor and Authorizing Official.

• Continuous Monitoring: Execute continuous monitoring activities including control reassessment, configuration drift analysis, and recurring evidence collection to maintain authorization currency.

• Control Mapping: Maintain accurate mappings between deployed technical controls, NIST SP 800-53 control statements, and DoD overlays so that compliance evidence is traceable end-to-end.

POA&M and Vulnerability Management

• Develop, track, and update Plan of Action and Milestones (POA&Ms) on the cadence required by Government leadership.

• Coordinate with technical SMEs to scope remediation actions, validate completion, and submit milestone updates.

• Conduct root cause analysis for repeat findings and recommend systemic controls to drive down the vulnerability backlog.

• Post-Inspection Discrepancies: Develop and submit follow-on POA&Ms after Government inspections, audits, or assessments within Government-required timelines.

• Risk Acceptance Coordination: Prepare risk acceptance packages where remediation is not feasible and coordinate Government approval through the appropriate authority.

STIG, IAVM, and Cyber Hygiene

• Conduct STIG compliance assessments using SCAP-based tools, STIG Viewer, and manual checks against deployed systems.

• Develop and maintain schedules for manual STIG checks and ensure recurring execution by responsible technical teams.

• Analyze ACAS / Nessus vulnerability scan output, develop weekly scan analysis reports, and coordinate remediation with system owners.

• Track new Information Assurance Vulnerability Management (IAVM) advisories and STIG releases; produce recurring metrics on coverage and remediation status.

• Boundary Posture Management: Maintain assigned accreditation boundaries at a non-critical vulnerability posture as defined by Government quality standards and report any deviations to leadership.

Cyber Tasking and Deployment Compliance

• Acknowledge receipt of TASKORDs, OPORDs, and other Government cyber tasking within the required response window.

• Decompose Government cyber tasking into actionable work, assign to responsible parties, and track to closure with auditable evidence.

• Deployment Compliance: Coordinate with system administrators and engineering teams to validate compliance of new deployments and produce recurring reporting on deployment, software introduction, and patching tool status.

• Cyber Workforce Compliance: Track DoD 8570.01-M and DoD 8140 workforce certification compliance for cyber personnel; coordinate certification renewals and provide monthly compliance reporting to the cybersecurity team.

Cybersecurity and Compliance Coordination

• Ensure all assigned systems maintain compliance with DoD Security Technical Implementation Guides (STIGs), Information Assurance Vulnerability Alerts (IAVAs), and applicable Command Cyber Tasking Orders (CCTOs).

• Support cybersecurity incident response activities including evidence collection, timeline reconstruction, and after-action reporting.

• Participate in cybersecurity coordination calls, RMF working groups, and Government-led security reviews.

• Adhere to DoD 8570.01-M / DoD 8140 Information Assurance workforce requirements applicable to the assigned role.

Documentation and Communication

• Develop, update, and maintain SOPs, Work Instructions (WIs), and technical documentation for all supported compliance functions.

• Provide status updates, incident reports, and After Action Reports (AARs) as required by Government leadership.

• Participate in configuration change control board (CCB) processes; ensure security impact of changes is assessed prior to approval.

• Collaborate with network, cybersecurity, storage, and application teams to resolve cross-functional compliance issues.

• Provide content for recurring leadership briefings on RMF status, ticket metrics, vulnerability posture, and SLA impact.

• Provide technical support and training to end users and junior staff as needed.

Security Clearance Requirement

U.S. citizenship and a minimum active Secret security clearance are required for this position. Certain task orders or work locations may require a Top Secret (TS) or TS/SCI clearance. All personnel must be able to obtain and maintain the required clearance level and must possess a valid DoD Common Access Card (CAC). Personnel may be required to access systems across multiple classification domains, including Unclassified (NIPR), Secret (SIPR), and Top Secret/Collateral networks.

Education Requirements

One of the following is required:

• Bachelor's degree in Computer Science, Computer Engineering, Information Technology, Information Systems, Cybersecurity, or a closely related technical field; OR

• Associate's degree in a related technical field plus additional qualifying experience; OR

• Equivalent combination of education, training, and directly relevant DoD IT experience as defined by labor category level below:

Junior (0-2 years) - Works under supervision; executes defined tasks; learns SOPs and tools

Mid (3-5 years) - Works independently on most tasks; supports complex troubleshooting; mentors juniors

Senior (6+ years) - SME-level expertise; leads technical efforts; guides architecture and compliance decisions

Minimum Qualifications

• Working knowledge of the DoD Risk Management Framework (RMF) and NIST SP 800-53, NIST SP 800-37, and CNSSI 1253.

• Experience developing or maintaining A&A documentation (SSP, RAR, SAR, POA&M).

• Experience with eMASS or an equivalent A&A workflow tool.

• Working knowledge of DoD STIGs, IAVAs, SCAP, and STIG Viewer.

• Experience analyzing ACAS / Nessus vulnerability scan results.

• Familiarity with Windows Server, Active Directory, and common DoD IT infrastructure.

• Ability to apply DoD STIGs and IAVAs to maintain system compliance.

• Ability to create and maintain technical documentation, SOPs, and compliance artifacts.

• Ability to work shift hours, weekends, or on-call rotations as required by task order.

• Strong oral and written communication skills; ability to brief technical topics to non-technical stakeholders.

Preferred Qualifications

• Experience in a DoD, Intelligence Community, or Federal Government IT environment.

• Familiarity with ITIL service management practices.

• Experience with Tanium, Splunk, or other endpoint compliance and SIEM tooling.

• Familiarity with Continuous Monitoring (CONMON), Cyber Hygiene, and JFHQ-DODIN operations.

• Experience supporting Authorizing Official (AO) packages and ATO submissions.

• Familiarity with cloud RMF (DoD Cloud Computing Security Requirements Guide, FedRAMP) and applicable overlays.

• Knowledge of cloud platforms (Microsoft Azure Government, AWS GovCloud) and hybrid infrastructure environments.

• Experience with PowerShell, Python, or other scripting languages for compliance automation.

• Knowledge of DoD Identity, Credential, and Access Management (ICAM) frameworks.

Required Certifications

Personnel must meet DoD Directive 8570.01-M / DoD 8140 baseline certification requirements applicable to their assigned Cyber IT/Cybersecurity role. One of the following certifications satisfies the minimum IAT Level II requirement:

• CompTIA Security+ CE

• Cisco CCNA Security

• CySA+ (CompTIA Cybersecurity Analyst)

• GIAC Security Essentials (GSEC)

• Systems Security Certified Practitioner (SSCP)

Additional computing environment (CE) certifications may be required depending on the specific technologies managed (e.g., Microsoft, VMware, Red Hat, Cisco). Certifications must be current and maintained throughout the period of performance.

Desired Additional Certifications

• Certified Authorization Professional (CAP) or Governance, Risk and Compliance Certification (CGRC).

• Certified Information Systems Security Professional (CISSP).

• Certified Information Security Manager (CISM).

• eMASS user training completion.

• ACAS Vulnerability Management certification.

Work Environment and Physical Requirements

• Work is performed in a Government facility or contractor site supporting classified and/or unclassified IT environments.

• Personnel may be required to work in data centers or consolidated server rooms with associated environmental conditions (temperature, noise, physical equipment).

• Occasional lifting of IT equipment up to 50 lbs may be required.

• Personnel may be required to support 24x7 operations via scheduled shifts or on-call arrangements.

• Travel to alternate Government sites may be required on an as-needed basis.

Benefits

• Competitive salary based on experience

• Comprehensive benefits package including health, dental, vision, and retirement plans

• Paid time off and holidays
We are an Equal Opportunity Employer and consider all qualified applicants without regard to protected characteristics under applicable law. EEO/AA Employer/Veteran/Disabled.
Job Category: IT - Security
Clearance Level: Secret