Key skills
Cyber SecurityTypeScriptRepositoryAgileRisk ManagementDecision Making
About this role
Role Overview
- Lead Risk Management Framework (RMF) initiatives for Cross Domain Enterprise Services (CDES)
- Support the Multi-Security Level Integration and Test Facility (MSL-ITF) by providing detailed system requirements and continuous monitoring updates
- Manage and maintain CDES and MSL-ITF Enterprise Mission Assurance Support Service (eMASS) packages
- Implement tracking and remediation processes to improve vulnerability management timelines
- Strengthen the overall security posture of the systems
- Provide compliance insights to the Information System Security Manager (ISSM)
- Conduct regular audits and assessments to ensure compliance with DoD cybersecurity standards
- Develop and maintain documentation for cybersecurity policies, procedures, and guidelines
- Collaborate with cross-functional teams to ensure cybersecurity requirements are integrated into all phases of the system lifecycle
- Ensure accuracy across Plans of Action and Milestones (POA&Ms), Assured Compliance Assessment Solution (ACAS) results, and Security Technical Implementation Guides (STIGs)
- Develop, review, and maintain cybersecurity documentation required for RMF authorization packages (e.g., SSPs, POA&Ms, SARs, policies, and procedures)
- Prepare and maintain Body of Evidence (BOE) artifacts supporting system authorization and continuous monitoring activities
- Collect and organize BOE results generated by the software team as part of their DevSecOps process
- Publish, organize, and maintain BOE results in a Government-approved system (such as eMASS or Xacta)
- Ensure cybersecurity documentation aligns with NIST SP 800-53, RMF, and DoD cybersecurity requirements
- Validate accuracy and completeness of documentation within GRC tools (e.g., eMASS or equivalent)
- Support continuous monitoring documentation updates reflecting system changes, vulnerabilities, and remediation efforts
- Collaborate with ISSOs, ISSMs, system engineers, DevSecOps teams, and cybersecurity personnel to collect and validate required documentation inputs
- Support preparation for audits, inspections, and cybersecurity assessments by ensuring documentation readiness and traceability
- Track and manage documentation updates related to system changes, configuration updates, and security control implementations
- Develop standard templates, processes, and best practices for cybersecurity documentation management
- Analyze compliance gaps and support remediation tracking and reporting
- Support data calls, assessment activities, and RMF lifecycle processes (including Step 0 and ongoing authorization support)
- Prepare reports and documentation to support Government risk-based decision making
- Participate in SAFe ceremonies including PI Planning, backlog refinement, sprint reviews, and retrospectives.
Requirements
- Active Top Secret (TS) clearance with SCI eligibility
- Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, Information Systems, Engineering, or related technical discipline OR equivalent training/experience aligned to DoD 8140 pathways
- 8–12 years of relevant experience supporting cybersecurity documentation, RMF, or compliance activities
- Minimum of 5 years of experience in cybersecurity documentation and RMF processes
- At least one of the following foundational qualification pathways consistent with DoD 8140 requirements: Current DoD 8570/8140 baseline certification appropriate for Intermediate Cyber Defense Analyst roles (e.g., CySA+, GCDA, GCIH, or equivalent), Offerings listed in the DoD 8140 Training Repository, Demonstrated equivalent training and experience qualifying under DoD 8140 foundational qualification alternatives
- Ability to generate, prepare, store, and maintain cybersecurity BOE results
- Experience in vulnerability management and remediation processes
- Experience developing and maintaining RMF documentation (e.g., SSPs, POA&Ms, BOE artifacts)
- Experience supporting continuous monitoring and cybersecurity compliance processes
- Experience working with GRC tools such as eMASS or equivalent
- Experience supporting cybersecurity audits, inspections, and authorization activities
- Experience analyzing and applying cybersecurity standards (e.g., NIST SP 800-53, RMF)
- Experience operating within SAFe or Agile frameworks supporting enterprise systems.
Tech Stack
- Cyber Security
- TypeScript
Benefits
- Competitive compensation
- Health and Wellness programs
- Income Protection
- Paid Leave
- Retirement