Position Title: Senior Security Risk Management (RMF) Engineer
Location: On-site in a SCIF in the National Capital Region (NCR) - Nebraska Avenue Complex, Washington, DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours.
Clearance: TS/SCI
Job Summary:
Leads Assessment & Authorization (A&A), risk management, and continuous authorization (cATO) activities to ensure system compliance and security posture across TS/SCI environments.
Education and Experience:
- Bachelor's degree in Cybersecurity or IT-related field, or equivalent years of experience.
- Minimum of 10 years of experience in performing Assessments and Authorizations (A&A) and Risk Management Framework (RMF) assessments.
- Minimum 5 years of experience with evaluating and conducting A&A assessments of Cross Domain Solutions (CDS) systems to include High-Speed Guard (HSG) systems.
- Preferred: Experience with Archer and Atlassian JIRA.
- Demonstrated knowledge of Generative AI technologies, DHS Gen AI pathways and solutions.
- Expert knowledge of National Institute of Standards and Technology (NIST) 800-53 Security and Privacy Controls for Information Systems and Organizations.
- Knowledge of NIST SP 800-207 Zero Trust Architecture, NIST AI-600-1, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST Cybersecurity Framework (CSF), and the 18 main controls identified in the Center for Internet Security (CIS) Critical Security Controls.
- Experience with classified systems and DHS/IC environments.
- AWS, CISSP certifications or comparable experience.
Essential Duties:
- Execute RMF lifecycle activities, including categorization, control selection and implementation, assessment, authorization, and continuous monitoring.
- Develop and maintain A&A/ATO documentation packages, including SSPs, SARs, POA&Ms, SOPs, and reporting artifacts.
- Perform risk assessments, identify vulnerabilities, and recommend mitigation and corrective action strategies.
- Manage continuous monitoring activities, security metrics reporting, and ongoing authorization support.
- Apply NIST RMF, CNSSI 1253, and IC security frameworks to support ATO/ATC decision-making.
- Coordinate with ISSOs, system owners, and Authorizing Officials to support authorization and compliance activities.
- Develop specialized customer-centric Gen AI guidelines for DHS I&A A&A, Continuous Monitoring (ConMon), and Plan of Actions and Milestones (POA&M), to include CDS systems.
- Collaborate with Archer to identify relevant RMF controls related to both Zero Trust and Gen AI and add controls for monitoring and reporting.
- Coordinate with appropriate organizational stakeholders to ensure Zero Trust and Gen AI are both implemented broadly and end-to-end across customer environments, including Information System Security Officer (ISSO) supported environments.
- Work across government and industry to evaluate and shape RMF and CDS policy around Zero Trust, Gen AI, and related topics.