Senior Security Risk Management (RMF) Engineer

OneZero Solutions

$120K — $150K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • Bachelor's degree in Cybersecurity or related IT field, or equivalent experience
  • 10+ years in Assessments and Authorizations (A&A) and Risk Management Framework (RMF) assessments
  • 5+ years evaluating A&A assessments of Cross Domain Solutions (CDS) systems
  • Preferred experience with Archer and Atlassian JIRA
  • Knowledge of Generative AI technologies and DHS Gen AI pathways
  • Expertise in NIST 800-53 Security and Privacy Controls
  • Familiarity with NIST SP 800-207 Zero Trust Architecture and related security frameworks

Responsibilities

  • Execute RMF lifecycle activities like categorization and control implementation
  • Develop and maintain A&A/ATO documentation packages
  • Perform risk assessments and recommend mitigation strategies
  • Manage continuous monitoring and security metrics reporting
  • Apply NIST RMF and other security frameworks for decision-making
  • Coordinate with ISSOs and system owners for compliance activities
  • Create Gen AI guidelines for DHS A&A and monitoring
  • Collaborate with Archer to identify RMF controls for Zero Trust and Gen AI

Benefits

  • On-site work at a secure facility in Washington, DC
  • Opportunity to work in classified systems environment
  • Engagement in high-profile projects with DHS/IC
  • Ability to shape RMF policy with government and industry collaboration
  • Hands-on involvement with cutting-edge technologies like Generative AI

Full Job Description
Position Title: Senior Security Risk Management (RMF) Engineer

Location: On-site in a SCIF in the National Capital Region (NCR) - Nebraska Avenue Complex, Washington, DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours.

Clearance: TS/SCI

Job Summary:

Leads Assessment & Authorization (A&A), risk management, and continuous authorizations (cATO) activities to ensure system compliance and security posture across TS/SCI environments.

Education and Experience:
  • Bachelor's degree in Cybersecurity or IT-related field or equivalent years of experience.
  • Minimum of 10 years of experience in performing Assessments and Authorizations (A&A) and Risk Management Framework (RMF) assessments.
  • Minimum 5 years of experience with evaluating and conducting A&A assessments of Cross Domain Solutions (CDS) systems to include High-Speed Guard (HSG) systems.
  • Preferred: Experience with Archer and Atlassian JIRA.
  • Demonstrated knowledge of Generative AI technologies, DHS Gen AI pathways and solutions.
  • Expert knowledge of National Institute of Standards and Technology (NIST) 800-53 Security and Privacy Controls for Information Systems and Organizations.
  • Knowledge of NIST SP 800-207 Zero Trust Architecture, NIST AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST Cybersecurity Framework (CSF), and the 18 main controls identified in the Center for Internet Security (CIS) Critical Security Controls.
  • Experience with classified systems and DHS/IC environments.
  • AWS and/or CISSP certifications, or comparable experience.

Essential Duties:
  • Execute RMF lifecycle activities, including categorization, control selection and implementation, assessment, authorization, and continuous monitoring.
  • Develop and maintain A&A/ATO documentation packages, including SSPs, SARs, POA&Ms, SOPs, and reporting artifacts.
  • Perform risk assessments, identify vulnerabilities, and recommend mitigation and corrective action strategies.
  • Manage continuous monitoring activities, security metrics reporting, and ongoing authorization support.
  • Apply NIST RMF, CNSSI 1253, and IC security frameworks to support ATO/ATC decision-making.
  • Coordinate with ISSOs, system owners, and Authorizing Officials to support authorization and compliance activities.
  • Develop specialized customer-centric Gen AI guidelines for DHS I&A A&A, Continuous Monitoring (ConMon) and Plan of Action and Milestones (POA&M), to include CDS systems.
  • Collaborate with Archer to identify relevant RMF controls related to both Zero Trust and Gen AI and add controls for monitoring and reporting.
  • Coordinate with appropriate organizational stakeholders to ensure Zero Trust and Gen AI are both implemented broadly, end-to-end across customer environments to include Information System Security Officer (ISSO) supported environments.
  • Work across government and industry to evaluate and shape RMF and CDS policy around Zero Trust, Gen AI and related topics.
