Platform Security & RMF Lead

ABOUT DEFCON AI

RESILIENCE IN THE FACE OF DISRUPTION. DEFCON AI is an insights company that leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems. In today’s dynamically changing world, DEFCON AI’s technology aligns outcomes with operational goals, better decision making, and empowers customers to anticipate assess, and mitigate the impacts of disruptions.

This is a rare opportunity to define the security posture of a mission-critical DoW software platform from the ground up.

As the Platform Security & RMF Lead, you will own the authorization posture and platform-level security discipline for DEFCON AI’s government-facing systems and integration platform. Youare responsible forthe full RMF lifecycle—from ATO strategy through continuous monitoring—and serve as the authoritative voice on whether the system is secure, compliant, and authorized tooperate.

You will work closely with Architecture and Dev Sec Ops  leadership to define the security standards the platform must meet, while ensuring cross-domain data flows comply with classification and authorization requirements. This is a deeply specialized role requiring expert-level fluency in DoW security frameworks, RMF processes, and cleared-system environments.

This is a senior level role combining hands-on RMF execution with platform-wide security leadership. You will guide both government stakeholders and engineering teams through complex authorization, classification, and security decisions.

• Define and execute the ATO pathway, including responsibility allocation across government and contractor teams
• Author and maintain RMF documentation (SSP, SAP, SCTM, Con Mon) in accordance with DoWI 8510.01 and NIST 800-53
• Coordinate with eMASS and Authorizing Officials on assessment and authorization activities
• Lead continuous monitoring and reauthorization efforts across the system lifecycle

• Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge)
• Evaluate and guide selection of DoW-approved cross-domain solutions
• Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, , ORCON)
• Review system architecture to ensure compliant handling of classified data flows

• Support secure operation across NIPR, SIPR, and higher classification environments
• Define authorization approaches (inheritance vs. standalone ATOs) across enclaves
• Ensure security posture scales without requiring fundamentally different architectures
• Maintain alignment with evolving joint and service-level security requirements

• Serve as the authoritative internal resource for DoW security and RMF-related questions
• Advise on container security, RBAC, service mesh security, PKI/CAC integration, and secrets management
• Define expectations for security scanning, container hardening, and vulnerability management (without owning the pipeline)
• Evaluate new capabilities for security and authorization impacts prior to production deployment

• 10+years of information assurance or security engineering experience with increasing seniority
• 5+ years of hands-on ownership of RMF / ATO packages for DoW production systems, including at least one full authorization cycle (categorization -> controls -> implementation -> assessment -> authorization -> Con Mon).
• Deep familiarity with DoW security frameworks, RMF processes, and NIST 800-53 controls
• Proven ability to operate in complex, multi-enclave or classified environment
• US Citizenship Required
• Active Secret Clearance
• Willing to travel up to 25% for business needs

• Active TS/SCI Clearance
• Experience supporting USMC or Service-level network environments
• Experience with ATO inheritance, reciprocity, or common control provider model
• Experience with cross-domain solutions or multi-level security architectures
• Familiarity with Palantir Foundry or Anduril Lattice environments
• Prior experience as an ISSO, SCA, or in a…