Overview
Seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force’s information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context.
Work Environment:
- Location: Onsite - Washington, DC (This is not a remote position)
- Security Clearance: Must possess or be able to obtain and maintain a Top Secret/SCI clearance.
- Travel < 20% of the time
Responsibilities
- RMF Implementation: Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
- Security Control Assessment: Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
- Risk Analysis: Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
- Documentation: Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
- Continuous Monitoring: Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
- Collaboration: Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
- Audit Support: Support internal and external audits, reviews, and inspections related to information system security.
- Policy and Compliance: Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed.
Qualifications
Requirements
- Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Experience: Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
- Certifications: Must possess or be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
- Security Clearance: Ability to obtain and maintain a Top Secret/SCI security clearance.
- Technical Skills: Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
- Knowledge: In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
- Communication: Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
- Analytical Skills: Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
Competencies & Skills
- Strong problem-solving skills and the ability to troubleshoot database issues effectively.
- Excellent communication and collaboration skills for cross-team efforts.
Employment is contingent upon successful completion of a background check and drug screening.
NV5 offers a competitive compensation and benefits package including medical, dental, life insurance, FTO, 401(k) and professional development/advancement opportunities.