Cybersecurity Engineer – RMF Specialist

Role Overview

• Enable Skyward Federal’s mission by guiding systems through the Risk Management Framework (RMF) and maintaining secure authorization packages for mission-critical technologies.
• Lead systems through the RMF lifecycle, supporting authorization, continuous monitoring, and ongoing compliance activities for DoD systems.
• Interpret and implement security requirements across NIST 800-53, ICD 503, and JSIG frameworks within real system architectures.
• Develop and maintain RMF artifacts and ensure traceability between system components, security controls, and supporting evidence.
• Partner closely with engineering, platform, and product teams to ensure system architectures and deployments align with required security controls.
• Guide systems through the RMF lifecycle including categorization, control implementation, assessment support, authorization, and continuous monitoring.
• Develop and maintain RMF documentation including System Security Plans (SSPs), POA&Ms, control narratives, and Body of Evidence artifacts.
• Map and validate NIST 800-53 controls against system architecture, ensuring accurate implementation and traceability.
• Maintain authorization packages within RMF tools such as eMASS, Xacta, similar compliance platforms, or especially with individual artifact (paper) packages.
• Analyze system architecture, components, and authorization boundaries to ensure RMF artifacts accurately reflect deployed technologies.
• Support ATO acquisition and sustainment activities for classified and mission systems.
• Coordinate with ISSOs, ISSMs, and Security Control Assessors during authorization and assessment activities.
• Track remediation activities and support continuous monitoring efforts across secure environments.

Requirements

• Experience implementing RMF for DoD systems aligned to NIST 800-53 and ICD 503
• Experience developing and maintaining ATO packages and RMF artifacts
• Strong understanding of system architecture, authorization boundaries, and control traceability
• Experience working with RMF management tools such as eMASS or Xacta
• Ability to translate security controls into actionable guidance for engineering teams
• Ability to operate independently and proactively manage RMF workstreams
• Experience supporting JSIG-aligned classified environments
• Prior experience serving as or supporting an ISSO or ISSM
• Familiarity with cloud, DevSecOps pipelines, or multi-domain security environments
• Experience working with DoD Authorizing Officials or Security Control Assessors
• Active Top Secret clearance with SCI eligibility.

Tech Stack

• Cloud

Benefits

• 10% 401k match, 100% immediately vested
• 100% employer-paid health, dental & vision coverage
• 100% employer-paid short and long term disability benefits
• 100% employer-paid life insurance policy
• 20 days of flexible paid time off
• 11 federal holidays and 2+ Skyward holidays
• Unlimited sick & bereavement leave events
• Company issued laptop, mobile phone and expense card
• $5,250 per year tax-exempt educational reimbursement
• $250 office set-up stipend
• $50 monthly internet stipend
• $60 monthly coffee budget ☕
• Additional discretionary benefits throughout the year