Sr ISSE/RMF

Location: Suffolk, VA Clearance: Top Secret Certification: IAT Level III (e.g., CISSP, CASP CE)

Seeking a Senior Risk Management Framework (RMF) lead Assessment and Authorization (A&A) accreditation efforts for the Deputy Directorate, Joint Training (DDJT). This role requires deep expertise in DoD RMF policies, NIST controls, and the use of the eMASS system to ensure system security compliance.

• RMF & eMASS Leadership: Serve as the primary SME for DoD RMF, leading the A&A lifecycle, and utilizing eMASS to document activities, implement security controls, and manage accreditation tasks.

• Control Implementation: Apply, tailor, and test security controls per NIST SP and CNSSI 1253 categorization, including the application of necessary overlays (e.g., privacy, classified).

• Security Documentation: Develop, maintain, and finalize all required A&A documentation, including the System Security Plan (SSP), Security Assessment Plan (SAP), and Security Assessment Reports (SARs).

• POA&M Management: Conduct active and passive reconnaissance to identify vulnerabilities, assess risk, and author accurate Plans of Milestones and Actions (POA&Ms) with verifiable mitigation statements and tracking.

• Compliance Scheduling: Adhere to the eMASS schedule, completing tasks like Quarterly Independent Verification and Validation (IV&V), Annual Security Review (ASR), monthly POA&M updates, and timely resubmission for ATO/ATC/IATT.

• Stakeholder Collaboration: Partner with System Owners, developers, and team leads to integrate security requirements throughout system design and implementation.

• System Maintenance: Manage DISA circuit connections (CCSDs) and inheritance documentation from accredited systems/cloud providers.

• Experience: Master's degree in Cybersecurity (or related) AND 5+ years of experience with DoD RMF, A&A, and cybersecurity policies.

  • Alternatively: 10 years of experience in cybersecurity analysis with a strong understanding of applicable laws and regulations.

• Certifications (Required Prior to Start):

  • IAT Level III Certification (e.g., CISSP, CASP CE, CISA, GCED, GCIH).

  • DISA eMASS Computer Based Training certificate.

  • Annual Cyber Awareness Training certificate.