Senior RMF Cybersecurity Engineer (Navy)
- $120,000 - $150,000
- Manassas, VA
Join a cybersecurity engineering team supporting U.S. Navy programs where you will drive RMF execution, security compliance initiatives, and system authorization activities from end to end.
A bit about us:
We are a defense-focused engineering organization supporting cybersecurity and information assurance initiatives across U.S. Navy environments. Our team specializes in securing critical systems through authorization management, risk mitigation strategies, vulnerability assessment processes, and cybersecurity engineering practices designed to support evolving compliance and operational requirements.
Title: Software Systems Engineer III
Location: Manassas, VA
Salary: $110,000 - $150,000
Title: Software Systems Engineer III
Location: Manassas, VA
Salary: $110,000 - $150,000
Why join us?
- Full time salaried position, direct hire, full benefits package
- Annual profit sharing program
- 401k with company match
- Relocation assistance (Sign-On Bonus for moving expenses, generally $2k-$4k)
- Quick interview process
- Great opportunity for career advancement
- Excellent employee tenure on average
- 3 weeks vacation for 1st year (standard, potential to negotiate)
- Medical, Dental, Vision from your first day of work!
Job Details
We are seeking a hands-on RMF Cybersecurity Engineer with deep experience executing the DoD Risk Management Framework process. This position is heavily focused on security control implementation, control assessment activities, CCI validation, STIG compliance, vulnerability analysis, and development of authorization package artifacts supporting Navy information systems. The ideal candidate has 5–7+ years of direct RMF execution experience and has personally supported multiple ATO efforts from initiation through continuous monitoring.
What you will be doing:
Lead multiple Navy information systems through the full RMF lifecycle.
Develop, submit and maintain complete authorization packages including SSPs, SAPs, SARs, RARs, POA&Ms, architectural diagrams, and hardware/software inventories.
Assess and validate NIST SP 800-53 security controls and develop defensible control implementation narratives to support SCA and AO reviews.
Implement and validate STIG compliance across operating systems, databases, applications, and network components.
Conduct vulnerability scanning and analysis using ACAS/Nessus, SCAP Compliance Checker, and related cybersecurity assessment tools.
Manage POA&M activities including risk characterization, remediation tracking, milestone management, and evidence validation through closure.
Collaborate with system owners, ISSMs, ISSOs, SCAs, AOs, developers, and engineers to support authorization decisions and continuous monitoring activities.
Develop and maintain authorization boundary diagrams, system architectures, data flow mappings, and security documentation.
Support change impact analysis, ongoing authorization activities, and continuous monitoring strategies across multiple systems.
Integrate cybersecurity and assessment activities into Agile development and DevSecOps workflows where applicable.
Must Have:
Must be a U.S. Citizen with the ability to obtain and maintain a DoD Secret security clearance; active Secret clearance preferred.
Bachelor’s degree in Cybersecurity, Computer Science, Systems Engineering, Information Technology, or related technical field; equivalent experience may be considered in lieu of a degree.
3–8 years of experience supporting RMF, cybersecurity engineering, information assurance, or systems security engineering activities within DoD environments.
Experience executing the full RMF lifecycle in accordance with NIST SP 800-37 for DoD or Navy information systems.
Strong knowledge of NIST SP 800-53 Rev 4 and/or Rev 5 security controls and control assessment methodologies.
Experience developing RMF artifacts including SSPs, SAPs, SARs, RARs, and POA&Ms.
Proficiency with ACAS/Nessus, SCAP Compliance Checker, STIG Viewer, and vulnerability management processes.
Familiarity with system architectures, authorization boundaries, network diagrams, and secure systems engineering concepts.
Ability to communicate technical security findings and risk determinations to technical and non-technical stakeholders.
Experience supporting multiple concurrent authorization efforts in Agile or fast-paced engineering environments.
Preferred Skills:
Nice to Have:
What you will be doing:
Lead multiple Navy information systems through the full RMF lifecycle.
Develop, submit and maintain complete authorization packages including SSPs, SAPs, SARs, RARs, POA&Ms, architectural diagrams, and hardware/software inventories.
Assess and validate NIST SP 800-53 security controls and develop defensible control implementation narratives to support SCA and AO reviews.
Implement and validate STIG compliance across operating systems, databases, applications, and network components.
Conduct vulnerability scanning and analysis using ACAS/Nessus, SCAP Compliance Checker, and related cybersecurity assessment tools.
Manage POA&M activities including risk characterization, remediation tracking, milestone management, and evidence validation through closure.
Collaborate with system owners, ISSMs, ISSOs, SCAs, AOs, developers, and engineers to support authorization decisions and continuous monitoring activities.
Develop and maintain authorization boundary diagrams, system architectures, data flow mappings, and security documentation.
Support change impact analysis, ongoing authorization activities, and continuous monitoring strategies across multiple systems.
Integrate cybersecurity and assessment activities into Agile development and DevSecOps workflows where applicable.
Must Have:
Must be a U.S. Citizen with the ability to obtain and maintain a DoD Secret security clearance; active Secret clearance preferred.
Bachelor’s degree in Cybersecurity, Computer Science, Systems Engineering, Information Technology, or related technical field; equivalent experience may be considered in lieu of a degree.
3–8 years of experience supporting RMF, cybersecurity engineering, information assurance, or systems security engineering activities within DoD environments.
Experience executing the full RMF lifecycle in accordance with NIST SP 800-37 for DoD or Navy information systems.
Strong knowledge of NIST SP 800-53 Rev 4 and/or Rev 5 security controls and control assessment methodologies.
Experience developing RMF artifacts including SSPs, SAPs, SARs, RARs, and POA&Ms.
Proficiency with ACAS/Nessus, SCAP Compliance Checker, STIG Viewer, and vulnerability management processes.
Familiarity with system architectures, authorization boundaries, network diagrams, and secure systems engineering concepts.
Ability to communicate technical security findings and risk determinations to technical and non-technical stakeholders.
Experience supporting multiple concurrent authorization efforts in Agile or fast-paced engineering environments.
Preferred Skills:
- 5–7+ years of direct hands-on RMF experience supporting DoD or Navy systems
- Experience implementing, assessing, and documenting NIST 800-53 security controls
- Experience evaluating and validating Control Correlation Identifiers (CCI)
- Experience developing and maintaining:
- SSPs
- SAPs
- SARs
- RARs
- POA&Ms
- Security control implementation narratives
- Experience supporting Authorization to Operate (ATO) packages
- Experience working directly within eMASS
- Experience running and analyzing ACAS/Nessus scans
- Experience applying, validating, and documenting STIG compliance
Nice to Have:
- Experience supporting Navy authorization packages
- Familiarity with Navy RMF processes and workflows
- Experience working with NAVSEA cybersecurity requirements
- Experience supporting Navy Assessors, Authorizing Officials, or SCA teams
Jobot is an Equal Opportunity Employer. We provide an inclusive work environment that celebrates diversity and all qualified candidates receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, age (40 and over), disability, military status, genetic information or any other basis protected by applicable federal, state, or local laws. Jobot also prohibits harassment of applicants or employees based on any of these protected categories. It is Jobot’s policy to comply with all applicable federal, state and local laws respecting consideration of unemployment status in making hiring decisions.
Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance.
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal.
By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy
Sometimes Jobot is required to perform background checks with your authorization. Jobot will consider qualified candidates with criminal histories in a manner consistent with any applicable federal, state, or local law regarding criminal backgrounds, including but not limited to the Los Angeles Fair Chance Initiative for Hiring and the San Francisco Fair Chance Ordinance.
Information collected and processed as part of your Jobot candidate profile, and any job applications, resumes, or other information you choose to submit is subject to Jobot's Privacy Policy, as well as the Jobot California Worker Privacy Notice and Jobot Notice Regarding Automated Employment Decision Tools which are available at jobot.com/legal.
By applying for this job, you agree to receive calls, AI-generated calls, text messages, or emails from Jobot, and/or its agents and contracted partners. Frequency varies for text messages. Message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You can reply STOP to cancel and HELP for help. You can access our privacy policy here: jobot.com/privacy-policy