Who we are:
ShorePoint is a fast-growing, industry-recognized and award-winning cybersecurity services firm with a focus on high-profile, high-threat, private and public-sector customers who demand experience and proven security models to protect their data. ShorePoint subscribes to a “work hard, play hard” mentality and celebrates individual and company successes. We are passionate about our mission and going above and beyond to deliver for our customers. We are equally passionate about an environment that supports creativity, accountability, diversity, inclusion and a focus on giving back to our community.
The Perks:
As recognized members of the Cyber Elite, we work together in partnership to defend our nation’s critical infrastructure while building meaningful and exciting career development opportunities in a culture tailored to the individual’s technical and professional growth. We are committed to the belief that our team members do their best work when they are happy and well cared for. In support of this philosophy, we offer a comprehensive benefits package, including major carriers for health care providers. Highlighted benefits offered: 18 days of PTO, 11 holidays, 85% of insurance premium covered, 401k, continued education, certifications maintenance and reimbursement and more.
Who we’re looking for:
We are seeking a Risk Management Framework (RMF) Technical Engineer with deep expertise in designing, automating and operationalizing Risk Management Framework workflows across complex enterprise environments. This role focuses on translating RMF policy and compliance requirements into efficient, automated and measurable processes that support authorization, continuous monitoring and governance modernization initiatives. The RMF Technical Engineer works closely with system owners, engineers and governance teams to embed compliance-by-design and drive scalable, repeatable RMF execution. This is a unique opportunity to shape the growth, development and culture of an exciting and fast-growing company in the cybersecurity market.
What you’ll be doing:
- Lead the design, implementation and automation of end-to-end RMF workflows that will integrate into operational activities.
- Develop workflow orchestration, templates and dashboards to automate control evidence, status tracking and authorization activities.
- Collaborate with system owners, ISSOs and engineers to assist with embedding compliance-by-design principles into their operations.
- Engineer and document automated processes for control selection, assessment and continuous monitoring.
- Analyze existing manual processes to identify automation opportunities using tools such as ServiceNow, Archer, Jira or custom Python/Bash scripts.
- Create and maintain visual process maps, lifecycle diagrams and executive dashboards to communicate process performance and maturity.
- Develop and document standard operating procedures (SOPs) and configuration baselines supporting automated authorization to operate (ATO) processes.
- Facilitate stakeholder workshops to gather requirements, define process KPIs and validate automation effectiveness.
- Serve as a key contributor to the organization’s Continuous ATO (cATO) and governance modernization initiatives.
- Ensure all process automation adheres to NIST, FedRAMP and agency security policies while improving efficiency and consistency.
What you need to know:
- Expert understanding of the NIST Risk Management Framework (SP 800-37, 800-53, 800-137) and federal security compliance practices.
- Proficiency with process automation and visualization tools (e.g., Power Automate, ServiceNow Flow Designer, Lucidchart, Visio or Miro).
- Familiarity with GRC platforms such as Archer, eMASS or ServiceNow for workflow integration and control tracking.
- Demonstrated ability to build and communicate process documentation, metrics and visuals for technical and executive audiences.
- Excellent facilitation, stakeholder engagement and technical writing skills.
- Working knowledge of AWS, Azure or GCP security services and cloud compliance automation.
Must-haves:
- 10+ years of relevant work experience.
- An associate’s degree substitutes for 2 years of experience; a bachelor’s degree substitutes for 3 years of experience; a postgraduate degree from an accredited university may substitute for 6 years of experience.
- Proven ability to analyze complex requirements and translate them into clear, actionable tasks and processes through critical thinking.
- Proven experience implementing or optimizing security or compliance workflows.
- Experience developing automated scripts or integrations for process efficiency (e.g., Python, PowerShell or REST APIs).
- Demonstrated success leading cross-functional collaboration between engineers, ISSOs and governance teams.
- Strong analytical mindset and ability to translate policy into actionable, automated processes.
- Applicants must hold and maintain an active DOE Q or equivalent DoD Top Secret clearance.
Beneficial to have:
- Experience supporting DoD or other federal cybersecurity programs.
- Knowledge of cATO, Zero Trust Architecture and security orchestration tools.
- Familiarity with containerized environments (Docker, Kubernetes) and secure pipeline automation.
- Certifications such as CISSP, CCSP or DevSecOps Professional.
- Experience using AI-assisted documentation or workflow automation platforms.
Where it’s done:
- Remote (Herndon, VA).