RMF Engineer -- Fort Belvoir, VA - Onsite

Overview

On Site
$DOE
Full Time
Accepts corp to corp applications
Contract - W2
Contract - Full Time

Skills

risk assessments
RMF policy creation
cybersecurity compliance

Job Details

Job Title: RMF Engineer
Location: Fort Belvoir, VA - Onsite
Duration: Full Time
Responsibilities:
  • Develop and deliver implementation plans, risk assessments, research, and analysis supporting RMF and continuous monitoring based on Government regulations, plans, and direction.
  • Provide monthly status reports and track the execution of Army RMF, including compliance with authorizations, system assessments, and Plan of Action and Milestones (POA&M) expirations and executions.
  • Work with automated RMF tools such as eMASS and APMS, following the Federal Information Security Management Act (FISMA), DoD Directive 8500.01, NIST Special Publication 800-53, and CNSSI 1253 guidelines.
  • Ensure compliance with DoD Cybersecurity (CS) policy requirements outlined in DoDI 8500.01, DoDI 8510.01, and their successors.
  • Integrate with Security Requirements Guide (SRG) and Security Technical Implementation Guides (STIG) development teams to include emerging technologies in the STIG roadmap process.
  • Conduct onsite visits and surveys to address security compliance and technical analysis, producing comprehensive reports and recommendations for improvements and enhancements.
  • Identify risk areas through implementation shortfalls and develop plans to recommend policy updates, addressing widespread issues and exceptions to policy.
  • Participate in working groups, forums, and direct interactions to gather information for research and analysis in support of RMF and continuous monitoring.
  • Standardize forms and integrate with continuous Authorization to Operate (cATO) and RMF emerging technology efforts to reduce the burden on mission owners while maintaining security.
  • Provide guidance on addressing risks from a mission and business process perspective, ensuring Army CS initiatives align with applicable laws and regulations.
  • Support the integration of Operational Technology (OT) into the Army's IT and Network Operations CS capability by tracking emerging tech and working with mission owners.
  • Conduct outreach and education on data value and categorization, integrating with various Army data owners to achieve unified end-to-end multi-element asset capabilities.
  • Support the Commercial Temporary Exception to Policy (C-TEP) program, creating standardized templates and workflow automation.
  • Track tasks and requirements aligned with the Army Data Strategy and Army Directives, representing Army security needs in future strategy and directives.
Experience required:
  • Bachelor's degree in a relevant field or equivalent experience.
  • 10+ years of proven experience in RMF policy creation, risk assessments, and cybersecurity compliance.
  • In-depth knowledge of RMF 2.0, FISMA, NIST publications, and DoD cybersecurity policies.
  • IAM Level III certification or equivalent cybersecurity certifications.
  • Excellent communication and collaboration abilities to work with various stakeholders.
  • Ability to conduct onsite visits and technical analysis.
  • Understanding of emerging technologies and their impact on cybersecurity.