ABMS Cybersecurity Risk Management Framework SME

  • REMOTE WORK, DC
  • Posted 5 hours ago | Updated 5 hours ago

Overview

Remote
On Site
USD 120,001.00 - 160,000.00 per year
Full Time

Skills

Security Clearance
Adobe AIR
Spectrum
Artificial Intelligence
Machine Learning (ML)
Systems Design
IT Project Management
Communication
Program Management
Software Design
People Management
PMO
Security Controls
Software Development
Software Development Methodology
Cyber Security
IT Risk Management
IT Risk
NIST SP 800 Series
NIST 800-53
ICD
Documentation
System Security
Threat Modeling
IT Security
Authorization
Cloud Computing
Auditing
JD
DoD
IC
Internal Communications
Integrated Circuit
Management
eMASS
XACTA
Risk Management Framework
RMF
Continuous Monitoring
Customer Engagement
Cisco Certifications
CISA
CISSP
GCIH
Information Security
CISM
Information Systems
ISACA
Certified Ethical Hacker
Information Assurance
Information Technology
Systems Engineering
FOCUS

Job Details

Job ID: 2505488-FLEXWORK-DC

Location: REMOTE WORK, DC, US

Date Posted: 2025-05-22

Category: Cyber

Subcategory: Cybersecurity Spec

Schedule: Full-time

Shift: Day Job

Travel: Yes, 25% of the Time

Minimum Clearance Required: Secret

Clearance Level Must Be Able to Obtain: Top Secret

Potential for Remote Work: Yes

Description

SAIC is seeking an experienced Cyber Security Risk Management Framework (RMF) Subject Matter Expert (SME) to support the Advanced Battle Management System (ABMS) Deployed Digital Infrastructure (DDI), Fixed Digital Infrastructure (FDI) and Remote Digital Infrastructure (RDI) systems that provide the United States Air Force with a networked and resilient capability. This next generation of systems shall employ the latest advancements across the technology spectrum to include AI/ML and distributed architectures. The ideal candidate will have extensive experience in large, complex system of systems design, development, and integration projects.

The position requires an individual with strong technical project management skills. The successful candidate will have excellent communication, team skills and DoD Program Management experience. They will be expected to continually balance and adjust work priorities to meet short deadlines.

Key responsibilities:
  • Lead and manage the end-to-end RMF Assessment and Authorization (A&A) lifecycle for a designated portfolio of diverse software systems and applications, designing inheritance, ensuring concurrent progress and timely attainment/maintenance of ATOs.
  • Strategically identify, document, and manage common controls applicable across the system portfolio; develop and implement common control strategies, coordinating with Common Control Providers (CCPs) and ensuring proper inheritance documentation.
  • Organize and manage team tasks to complete each RMF package and achieve all milestones.
  • Work with DAOs, SCARS, and ABMS PMO Cyber team on RMF requirements, applicability to systems and software, RMF design and implementation, and tailoring of controls.
  • Tailor and select NIST SP 800-53r5 security controls appropriate for each system's categorization and operational environment within the portfolio.
  • Provide RMF subject matter expertise and guidance throughout the software development lifecycle (SDLC).
  • Manage and plan continuous monitoring and reauthorization tasks for all RMF packages.
  • Work with other ABMS PDTs on RMF requirements for connection of systems and implementation of software.
  • Maintain awareness of evolving cybersecurity policies, standards (NIST, DoD, Intelligence Community (IC)), and threats, applying relevant changes to processes across the portfolio.
  • Experience in managing eMASS and Xacta RMF packages and associated artifacts from initiation through continuous monitoring.
  • Manage and coordinate security authorization activities in accordance with Government regulations, Department of Defense and National Institute of Standards and Technology Risk Management Framework and standards (NIST 800-37r2, NIST 800-53, NIST 800-53a, CNSSI 1253, ICD 503), and customer-specific information security policies, processes, and procedures.
  • Prepare and review security documentation, including System Security Plans (SSPs) and Assessment and Authorization packages.
  • Conduct threat modeling exercises.
  • Research, evaluate, and recommend new security tools, techniques, and technologies and introduce them to the enterprise in alignment with IT security strategy.
  • Experience with applying RMF in DoD/IC real-world exercises and operations.
  • Support Assessment and Authorization events required by each government authorizing authority through pretest preparations, participation in the tests, analysis of the results, and preparation of required reports.
  • Knowledge of Classified Cloud Environments and the Shared Responsibility Model preferred.
  • Periodically conduct a review of each system's audits and monitor corrective actions until all actions are closed.
  • May provide briefings to senior staff.

Qualifications

TYPICAL EDUCATION AND EXPERIENCE: Bachelor's and ten (10) years or more of related experience; Master's and eight (8) years or more experience; PhD or JD and five (5) years or more experience

QUALIFICATIONS:

  • Experience with applying RMF in DoD/IC real-world exercises and operations.
  • Experience in managing eMASS and Xacta RMF packages and associated artifacts from initiation through continuous monitoring.
  • IAT Level III Certification
  • CASP+ CE
  • CCNP Security
  • CISA
  • CISSP (or Associate)
  • GCED
  • GCIH
  • Certified Information Security Manager (CISM)
  • Certified Risk and Information Systems Controller (CRISC)
  • Certified Ethical Hacker (CEH)
  • Global Information Assurance Certification (GIAC) and GIAC Security Essentials


Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.



About SAIC