Cyber RMF Specialist

Job in Arlington, Arlington County, Virginia, 22201, USA
Listing for: SHR Consulting Group
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Support
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

SHR is a premier technology integrator solving our nation’s most complex modernization and readiness challenges across the defense, federal civilian, and intelligence markets. Our robust portfolio of offerings includes high-end solutions in systems engineering and integration; enterprise IT, including cloud services; cyber; software; advanced analytics and AI. With an intimate understanding of our customers’ challenges and deep expertise in existing and emerging technologies, we integrate the best components from our own portfolio and our partner ecosystem to deliver innovative, effective, and efficient solutions.

We are a rapidly growing organization seeking an experienced Cyber RMF Specialist to provide IT expertise in support of a DISA environment. This position is responsible for executing the DoD Risk Management Framework (RMF) and broader cyber compliance functions across the assigned IT portfolio. The Cyber RMF Specialist ensures that systems, accreditation boundaries, and supporting processes are properly assessed, documented, monitored, and maintained, and that the resulting compliance posture adheres to DoD security standards, organizational values, and contractual performance requirements.

This role supports Government customers across one or more classification domains and may require work across standard business hours or on a shift/rotational schedule depending on task order requirements. The Cyber RMF Specialist works in close partnership with system owners, system administrators, the cybersecurity team, and the Authorizing Official’s staff to ensure systems achieve and sustain Authorization to Operate (ATO) status and remain compliant with all applicable DoD, CYBERCOM, and DISA policies, directives, and orders.

Duties

Duties will vary based on position and area of focus.
  • Execute RMF activities in accordance with DoD Instruction 8510.01 across the six RMF steps:
    Categorize, Select, Implement, Assess, Authorize, and Monitor.
  • Develop, review, and maintain System Security Plans (SSPs), Risk Assessment Reports (RARs), Security Assessment Reports (SARs), and supporting Assessment and Authorization (A&A) artifacts.
  • Coordinate with system owners and engineering teams to capture system descriptions, accreditation boundaries, data flows, and information types in accordance with CNSSI 1253 and NIST SP 800-53.
  • Support ATO sustainment, reauthorization, and ongoing authorization activities for assigned accreditation boundaries.
  • eMASS Administration:
    Administer the Enterprise Mission Assurance Support Service (eMASS) including system registration, control implementation status updates, artifact uploads, and workflow routing to the assessor and Authorizing Official.
  • Continuous Monitoring:
    Execute continuous monitoring activities including control reassessment, configuration drift analysis, and recurring evidence collection to maintain authorization currency.
  • Control Mapping:
    Maintain accurate mappings between deployed technical controls, NIST SP 800-53 control statements, and DoD overlays so that compliance evidence is traceable end-to-end.

POA&M and Vulnerability Management
  • Develop, track, and update Plan of Action and Milestones (POA&Ms) on the cadence required by Government leadership.
  • Coordinate with technical SMEs to scope remediation actions, validate completion, and submit milestone updates.
  • Conduct root cause analysis for repeat findings and recommend systemic controls to drive down the vulnerability backlog.
  • Post-Inspection Discrepancies:
    Develop and submit follow-on POA&Ms after Government inspections, audits, or assessments within Government-required timelines.
  • Risk Acceptance Coordination:
    Prepare risk acceptance packages where remediation is not feasible and coordinate Government approval through the appropriate authority.

STIG, IAVM, and Cyber Hygiene
  • Conduct STIG compliance assessments using SCAP-based tools, STIG Viewer, and manual checks against deployed systems.
  • Develop and maintain schedules for manual STIG checks and ensure recurring execution by responsible technical teams.
  • Analyze ACAS / Nessus vulnerability scan output, develop weekly scan analysis reports, and coordinate remediation with system owners.
  • Track new Information Assurance Vulnerability Management (IAVM) advisories and STIG releases; produce recurring metrics on coverage and remediation status.
  • Boundary Posture Management:
    Maintain assigned accreditation boundaries at a non-critical vulnerability posture as defined by Government quality standards and report any deviations to leadership.

Cyber Tasking and Deployment Compliance
  • Acknowledge receipt of TASKORDs, OPORDs, and other Government cyber tasking within the required response window.
  • Decompose Government cyber tasking into actionable work, assign to responsible parties, and track to closure with auditable evidence.
  • Deployment Compliance:
    Coordinate with system administrators and engineering teams to validate compliance of new deployments and produce recurring reporting on deployment, software…