Risk Management Framework Subject Matter Expert
Job in Springfield, Fairfax County, Virginia, 22152, USA
Listed on 2026-06-03
Listing for: Apavo Corporation
Full Time position
Job specializations:
- IT/Tech
- Cybersecurity, Information Security
Risk Management Framework (RMF) Subject Matter Expert
Location: DMV Area / Client Site Based on Program Needs
Department: Cyber Security Services
Reports To: Management
FLSA Status: Full Time/Non-exempt
Apavo is at the forefront of cybersecurity, providing services to military, defense, and critical infrastructure industries. Joining the Apavo team means becoming part of a company rooted in the principles of quality and communication. We value positive, candid interactions and the belief that everyone has valuable contributions to make. Apavo stands out for its commitment to a work-life balance and fostering a growth mindset among all team members.
If you are looking to make a meaningful impact in the cybersecurity world while growing professionally in a supportive environment, Apavo is the place for you.
The RMF Subject Matter Expert (SME) supports cybersecurity and compliance efforts across multiple customer environments and system types within the Department of Defense and Intelligence Community. This role combines elements of ISSO, ISSM, and Security Control Assessor (SCA) responsibilities to support all phases of the Risk Management Framework (RMF) lifecycle in accordance with NIST SP 800-37 Rev. 2.
The RMF SME will provide technical guidance, assessment support, operational security oversight, and authorization package development while partnering with system owners, engineers, ISSOs, SCAs, and government stakeholders to maintain compliant and secure environments.
RMF SME responsibilities include, but are not limited to:
- Support RMF activities across all six RMF steps: Categorize, Select, Implement, Assess, Authorize, and Monitor.
- Develop, review, and maintain RMF documentation including SSPs, SARs, SAPs, RARs, POA&Ms, contingency plans, and authorization packages.
- Support security control selection, tailoring, implementation, and assessment activities aligned to NIST SP 800-53 Rev. 5.
- Conduct or support independent security control assessments and validation activities.
- Perform ISSO operational security responsibilities including account reviews, audit reviews, vulnerability tracking, configuration management coordination, and continuous monitoring activities.
- Utilize eMASS, Xacta, or equivalent GRC/A&A platforms to manage RMF activities and system artifacts.
- Interpret and analyze STIG findings, SCAP scans, ACAS results, and vulnerability assessment data to support remediation efforts.
- Develop and track POA&Ms and coordinate remediation activities with technical and program teams.
- Support ongoing continuous monitoring (ConMon) strategies, reporting, and compliance reviews.
- Provide cybersecurity guidance to system owners, engineers, and leadership regarding RMF compliance and risk posture.
- Ensure cybersecurity documentation and processes align with DoD RMF requirements, DoDI 8510.01, ICD 503, CNSSI 1253, and applicable customer guidance.
- Support cloud and hybrid environments as applicable, including AWS and Azure-based systems.
- Assist with executive-level briefings, risk discussions, and authorization recommendations.
Requirements
Qualifications
- Strong working knowledge of NIST SP 800-37 Rev. 2 and NIST SP 800-53 Rev. 5.
- Experience supporting DoD RMF and/or Intelligence Community RMF frameworks including ICD 503 and CNSSI 1253.
- Hands-on experience with eMASS, Xacta, or equivalent GRC/A&A platforms.
- Experience developing and reviewing RMF artifacts and ATO packages.
- Familiarity with STIGs, SCAP, ACAS, vulnerability management, and remediation processes.
- Understanding of continuous monitoring strategies and compliance reporting.
- Strong analytical, communication, and documentation skills.
- Ability to collaborate effectively with technical teams, security leadership, and government stakeholders.
- Experience supporting cloud-based environments and security authorizations is preferred.
- Bachelor's Degree in Cybersecurity, Information Technology, Computer Science, or related technical discipline preferred.
- Active TS/SCI clearance required. Candidates must be eligible for CI…