Sr. RMF Security Engineer
Primary Responsibilities
Leidos is seeking a Sr. Risk Management Framework (RMF) Security Engineer to support a project at a Navy base in San Diego. This position will play a critical role in ensuring that information systems comply with federal cybersecurity standards, particularly within the U.S. Department of Defense (DoD) cyber community. The RMF Security Engineer will guide the project through the RMF lifecycle, which includes categorizing information systems based on risk, selecting and implementing appropriate security controls (per NIST SP 800-53 or DoD-specific requirements), and assessing those controls for effectiveness. The RMF Security Engineer will conduct continuous monitoring, identify vulnerabilities, address compliance gaps, and ensure systems remain secure against evolving threats. The RMF Security Engineer will act as a technical advisor and problem solver, bridging the gap between cybersecurity policy and system implementation. Will perform risk assessments, analyze security test results, and recommend mitigation strategies to address findings—whether through configuration changes, tool updates, or process improvements.
Required Qualifications
- Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science or related field.
- BS with 12+ years’ experience or MS with 10+ years’ experience. Will consider work experience in lieu of a degree.
- DoD 8570 approved security certification (i.e., Security +) (Will be required 90 days after hire).
- US citizenship and an active Secret DoD security clearance.
- RMF Compliance Expertise: Deep knowledge of NIST SP 800-37, NIST SP 800-53, NIST SP 800-171, FedRAMP, and DoD Instruction 8510.
- Security Assessment & Authorization (SA&A): Experience preparing System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action & Milestones (POA&M).
- Conducting risk assessments, vulnerability scans, and penetration testing.
- eMASS (Enterprise Mission Assurance Support Service) SCAP tools (e.g., Nessus, Tenable.sc, OpenSCAP).
- SIEM tools (e.g., Splunk, ArcSight).
- STIG compliance (DISA STIGs, SCAP benchmarks).
Preferred Qualifications
- Python, Bash, PowerShell for automation.
- AI/ML in RMF.
- Zero Trust Integration: Understanding NIST SP 800-207 (Zero Trust Architecture) and how it intersects with RMF.
- CMMC 2.0.
- COMSEC Understanding.
- CISSP Certification.