Cybersecurity/RMF Lead - Cloud - Suitland, MD Security Clearance
Job in Suitland, Prince George's County, Maryland, 20746, USA
Listed on 2026-06-22
Listing for: FGS, LLC
Full Time position
Job specializations: IT/Tech; Cybersecurity, Systems Engineer, Information Security
Job Description & How to Apply Below
Requires US Citizenship: Yes
Employment Term and Type: Regular, Full Time
Required Security Clearance: (Minimum for hire) TS/SCI
Required Education: (Minimum for hire) Bachelor's Degree in Engineering or engineering discipline; Computer science or IT discipline; Technical discipline
Salary Band: $150,000 - $165,000
Job Description:
FGS, LLC is seeking a Cybersecurity / RMF Lead to support the deployment and accreditation of a new cloud-based capability operating within a classified environment. The selected candidate will serve as the primary cybersecurity lead responsible for planning, coordinating, and executing all Risk Management Framework (RMF) activities necessary to obtain and maintain Authorization to Operate (ATO) for mission-critical systems supporting the Office of Naval Intelligence.
The Cybersecurity / RMF Lead will work closely with system engineers, cloud architects, software developers, ISSMs, ISSOs, Security Control Assessors (SCAs), Authorizing Officials (AOs), and government stakeholders to ensure cybersecurity requirements are integrated throughout the system lifecycle. This role requires a strong understanding of cloud security architectures, DoD and Intelligence Community cybersecurity requirements, and the practical application of RMF within classified environments.
Primary Duties and Responsibilities:
* Lead the execution of the DoD Risk Management Framework (RMF) lifecycle for classified cloud-hosted systems.
* Develop and maintain RMF packages within eMASS and Xacta.
* Coordinate system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring activities.
* Serve as the primary cybersecurity advisor for cloud architecture and system engineering efforts.
* Develop and maintain cybersecurity documentation, including:
  * System Security Plans (SSPs)
  * Security Assessment Plans (SAPs)
  * Security Assessment Reports (SARs)
  * Plans of Action and Milestones (POA&Ms)
  * Security Impact Assessments (SIAs)
  * Continuous Monitoring Plans
  * Data Flow Diagrams
  * System Inventories
* Coordinate with cloud service providers and enterprise service owners to document inherited security controls and shared responsibility models.
* Support implementation and assessment of NIST SP 800-53 Rev. 5 security controls.
* Analyze vulnerability findings from ACAS, STIGs, SCAP scans, Microsoft Defender for Endpoint, and other security tools.
* Validate findings and coordinate remediation activities with system administrators, developers, and engineering teams.
* Prepare systems for Security Control Assessor (SCA) evaluations and authorization reviews.
* Participate in Configuration Control Boards (CCBs), Security Working Groups (SWGs), Cybersecurity Status Reviews (CSRs), and governance meetings.
* Perform security impact analyses for system changes, software releases, and cloud capability enhancements.
* Support annual assessments, continuous monitoring activities, and reauthorization efforts.
* Track cybersecurity risks and communicate authorization status to leadership and stakeholders.
* Ensure compliance with:
  * NIST SP 800-53 Rev. 5
  * NIST SP 800-53A
  * CNSSI 1253
  * DoDI 8510.01
  * DoD Cloud Computing Security Requirements Guide (SRG)
  * Department of the Navy cybersecurity policies
  * Intelligence Community cybersecurity guidance, as applicable
Required Qualifications:
* U.S. Citizenship.
* Active TS/SCI clearance.
* Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or related technical discipline.
* Minimum seven (7) years of cybersecurity, RMF, or information assurance experience.
* Minimum three (3) years leading RMF activities for classified systems.
* Experience supporting cloud-based systems operating within DoD or Intelligence Community environments.
* Demonstrated experience obtaining or maintaining ATOs for classified information systems.
* Hands-on experience with:
  * eMASS, Xacta, NIST SP 800-53, NIST SP 800-53A
  * Security control implementation and assessment
  * Vulnerability management processes
  * POA&M management
* Strong understanding of cloud security architectures and shared responsibility models.
* Experience coordinating with ISSMs, ISSOs, SCAs, and Authorizing Officials.
* Active DoD 8570/8140 baseline certification such as:
  * CISSP, Security+ CE, CASP+, CCSP, GSLC, Equivalent approved certification
Desired Qualification:
* CISSP certification preferred.
* CCSP certification strongly desired.
* Experience supporting classified cloud deployments.
* Experience with Azure Government, AWS GovCloud, or other accredited cloud environments.
* Familiarity with Intelligence Community accreditation processes.
* Experience supporting DevSecOps environments and containerized workloads.
* Experience with vulnerability scanning tools including ACAS, Nessus, STIG Viewer, SCAP, and Microsoft Defender for Endpoint.
* Experience supporting continuous monitoring programs.
* Strong technical writing and briefing skills.
*…