About the position
NV5Geospatial is currently seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force's information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context. The Risk Management Framework (RMF) Specialist is responsible for implementing and maintaining the RMF process within an organization, specifically for systems and applications hosted on the Amazon Web Services (AWS) cloud. This includes working with various stakeholders to identify and assess risks, developing and implementing risk management strategies, and ensuring compliance with relevant regulations and standards. The RMF Specialist will also be responsible for preparing and maintaining Authority to Operate (ATO) documents, as well as providing guidance and training to other members of the organization on RMF-related matters.
Responsibilities
- Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
- Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
- Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
- Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
- Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
- Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
- Support internal and external audits, reviews, and inspections related to information system security.
- Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed.
Requirements
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
- Must possess or be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
- Ability to obtain and maintain a Top Secret/SCI security clearance.
- Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
- In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
- Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
- Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
Benefits
- Medical insurance
- Dental insurance
- Life insurance
- Paid Time Off (PTO)
- 401(k)
- Professional development/advancement opportunities
