Abacus Technology is seeking a Risk Management Framework (RMF) Subject Matter Expert (SME) to support the Wing Cyberspace Office (WCSO) in managing and executing DoD Risk Management Framework processes at Hanscom AFB.  This is a full-time position.

• Serve as the lead RMF Subject Matter Expert supporting the Wing Cyberspace Office (WCSO) for all systems and enclaves within the base enterprise.
• Lead the management, implementation, and execution of the Risk Management Framework (RMF) lifecycle (Categorize, Select, Implement, Assess, Authorize, and Monitor) for supported systems.
• Develop, maintain, and validate RMF artifacts within Enterprise Mission Assurance Support Service (eMASS) to ensure completeness, accuracy, and compliance with DoD and Air Force requirements.
• Provide expert guidance to ISSMs, ISSOs, and system owners on ATO packages, reauthorization efforts, and continuous monitoring strategies.
• Ensure continuous compliance with DoD, Air Force, NSA, and NIST cybersecurity policies and directives, including NIST SP 800-53 and DoDI 8510.01.
• Conduct risk assessments and security control evaluations, recommending mitigation strategies to reduce risk to acceptable levels.
• Review and validate Security Technical Implementation Guides (STIGs), vulnerability alerts, and cybersecurity directives for implementation across supported systems.
• Support Authorization to Operate (ATO), Authority to Connect (ATC), and Interim Authorization (IATT) processes as required.
• Develop and manage Plans of Action & Milestones (POA&Ms) and track remediation efforts to closure.
• Provide direct support during cybersecurity inspections and audits (e.g., CCRI, IG, SAV), including preparation, execution, and remediation.
• Advise on system architecture, boundary definitions, and control inheritance to improve RMF efficiency and cybersecurity posture.
• Collaborate with network, system, and cybersecurity teams to ensure secure integration and sustainment of systems.
• Analyze and report cybersecurity posture metrics and trends, providing recommendations for continuous improvement.
• Mentor and provide RMF training and knowledge transfer to cybersecurity staff and stakeholders across the Wing.

10+ years experience in cyber security, with a strong emphasis on Risk Management Framework (RMF) within the DoD or Federal environment.  Bachelor’s degree in a related field.  Additional years of experience may be substituted for degree requirements.  Must be Security+ certified.  CISSP certification preferred.  Extensive experience with DoD RMF processes, ATO lifecycle management, and continuous monitoring.  Demonstrated expertise in eMASS and RMF package development and management.  Strong knowledge of Air Force, DoD, and Federal cyber security directives, policies, and instructions.  Hands-on experience conducting security control assessments, vulnerability management, and POA&M tracking.  Experience supporting cyber security inspections (e.g., CCRI, IG inspections, SAVs).  Able to interpret and implement STIGs, security guidance, and vulnerability remediation requirements.  Strong ability to work independently and collaboratively, providing technical leadership across multiple stakeholders.  Excellent communication skills, with the ability to translate complex cyber security concepts into actionable guidance.  Must be a US citizen and hold a current Secret clearance.

The projected compensation range for this position is $149,000-$167,100. There are multiple factors that can impact a final salary, including, but not limited to, Contract Wage Determination, relevant work experience, skills and competencies that align to the specified role, geographic location (if remote or different from the stated location for this position), education and certifications as well as Federal Government Contract Labor categories. In addition, Abacus Technology offers a benefits package that includes: Health and Dental Insurance; 401(k) and Matching; Life Insurance; Short- and Long-Term Disability; Paid Time Off; Paid Holidays; and Professional Membership, Technical Training, Certification, and Education Assistance.

Applicants selected will be subject to a U.S. government security investigation and must meet eligibility requirements for access to classified information.