
RMF & ISSM Support Specialist
Posted 2 days ago

This is a fully remote position, open to applicants in the United States.
• Deliver essential services to a government client as an RMF & ISSM Support Specialist.
• Prepare RMF packages, including Security Plans, Annual Security Reviews, Authorizations, and POA&Ms.
• Perform continuous monitoring of designated systems.
• Offer pertinent cyber security expertise to support ongoing programmatic efforts.
• Design IAM solutions such as RBAC, ABAC, MFA, least-privilege, and PAM across cloud and application environments.
• Integrate security practices into CI/CD pipelines according to the DoD DevSecOps Reference Design, automating SAST, DAST, SCA, container image scanning, and STIG compliance validation.
• Execute data protection strategies, including encryption at rest and in transit, as well as cryptographic key management (AWS KMS, Azure Key Vault).
• Assess and validate authorization boundary diagrams, architecture/data flow diagrams, hardware/software inventories, IP/subnet assignments, and Med-COI Zone taxonomy artifacts.
• Act as a senior technical security advisor to program leadership, IPTs, and government stakeholders during engineering review boards and architecture working groups.
• 6-8 years of practical cybersecurity engineering experience in DoD or Federal settings, demonstrating expertise in RMF, cloud security, and application security domains.
• RMF/Compliance: Hands-on experience with eMASS; proven capability to develop and manage ATO packages, SSPs, SCAs, and POA&Ms; skilled in ACAS/Nessus, SCAP, STIG Viewer, and HBSS/ESS analysis.
• Cloud Security: Over 3 years of experience securing AWS GovCloud and/or Azure Government environments; knowledgeable in cloud-native security tools (Security Hub, CloudTrail, Azure Sentinel, Defender), secure landing zone design, and network micro-segmentation.
• IaC & Automation: Expertise in Terraform, Ansible, CloudFormation, or Helm for automated, policy-compliant infrastructure deployment and security hardening.
• Application Security: Familiarity with SAST, DAST, SCA, and API security testing integrated into CI/CD pipelines (GitLab, Jenkins, or similar); understanding of secure SDLC practices as per DoD DevSecOps Reference Design.
• Containers & Microservices: Practical experience with Kubernetes/OpenShift security, including pod security standards, image scanning, secrets management, and runtime detection tools.
• IAM/Zero Trust: Proven experience in implementing RBAC, ABAC, MFA, PAM, and zero trust access models in cloud and application environments.
• DDIL/Edge: Understanding of DDIL architecture security issues, including offline operations, data synchronization, and edge hardening.
• Frameworks: In-depth knowledge of NIST SP 800-53, NIST SP 800-144, NIST SP 800-115, DISA STIGs/SRGs, DoD DevSecOps Reference Design, and DoD 8570/8140.
• Excellent written and verbal communication skills; ability to convey complex technical findings to both technical and executive audiences.
• Voluntary Medical, Dental, and Vision coverage, with options for Health Savings or Flexible Spending Plans.
• Options for Voluntary Life, Critical Illness, Accident, and Long-Term Care insurance.
• Group Term Life, Short-Term, and Long-Term Disability insurance is provided by Sentar to all eligible employees.
• Generous 401(k) matching plan.
• Competitive PTO policy that increases with years of service.
• Additional leave programs; holiday schedule along with bereavement, maternity, jury, and military duty leave.
• Programs promoting mental health awareness.
• Tuition reimbursement available.
• Professional development reimbursement offered.
• Recognition and Awards programs in place.