-
Summary
Overview:
Seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force's information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context. Work Environment:
• Location: Scott Air Force Base
• Security Clearance: Must possess or be able to obtain and maintain a Top Secret/SCI clearance; an Active Secret is acceptable to start Responsibilities
• RMF Implementation: Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
• Security Control Assessment: Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
• Risk Analysis: Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
• Documentation: Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
• Continuous Monitoring: Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
• Collaboration: Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
• Audit Support: Support internal and external audits, reviews, and inspections related to information system security.
• Policy and Compliance: Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed. Qualifications:
Requirements
• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Experience: Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
• Certifications: Needs a Sec+ or similar, but be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
• Security Clearance: Ability to obtain and maintain a Top Secret/SCI security clearance.
• Technical Skills: Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
• Knowledge: In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
• Communication: Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
• Analytical Skills: Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
Competencies & Skills
• Strong problem-solving skills and the ability to troubleshoot database issues effectively.
• Excellent communication and collaboration skills for cross-team efforts. -
Job Description
Overview:
Seeking a dedicated and experienced Risk Management Framework (RMF) Specialist to oversee and manage cybersecurity processes, ensuring compliance with DoD and Air Force policies. The RMF Specialist will play a critical role in safeguarding the Air Force's information systems by identifying, assessing, and mitigating security risks. This position requires a deep understanding of the RMF lifecycle and its application in a military context. Work Environment:
• Location: Scott Air Force Base
• Security Clearance: Must possess or be able to obtain and maintain a Top Secret/SCI clearance; an Active Secret is acceptable to start Responsibilities
• RMF Implementation: Lead the implementation of the Risk Management Framework (RMF) for Air Force information systems, ensuring compliance with DoD and Air Force cybersecurity policies.
• Security Control Assessment: Conduct security control assessments and validate the effectiveness of implemented controls for information systems.
• Risk Analysis: Perform risk assessments to identify vulnerabilities, threats, and risks to information systems, and recommend appropriate mitigation strategies.
• Documentation: Prepare and maintain RMF documentation, including System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), and Risk Assessment Reports.
• Continuous Monitoring: Implement and manage continuous monitoring strategies to ensure ongoing assessment and authorization of information systems.
• Collaboration: Work closely with system owners, developers, and other stakeholders to ensure security requirements are integrated throughout the system development lifecycle.
• Audit Support: Support internal and external audits, reviews, and inspections related to information system security.
• Policy and Compliance: Ensure alignment with current Air Force cybersecurity policies, standards, and regulations, and recommend updates to cybersecurity policies as needed. Qualifications:
Requirements
• Education: Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• Experience: Minimum of 5 years of experience in cybersecurity, with at least 3 years specializing in RMF processes and DoD information systems.
• Certifications: Needs a Sec+ or similar, but be willing to obtain relevant cybersecurity certifications such as Certified Information Systems Security Professional (CISSP), Certified Authorization Professional (CAP), or equivalent.
• Security Clearance: Ability to obtain and maintain a Top Secret/SCI security clearance.
• Technical Skills: Proficiency in RMF tools and technologies, such as eMASS (Enterprise Mission Assurance Support Service) and vulnerability assessment tools (e.g., Nessus, ACAS, SCAP).
• Knowledge: In-depth knowledge of NIST Special Publications (SP) 800-37, 800-53, and 800-171, as well as DoD Instruction 8510.01 and related guidelines.
• Communication: Strong verbal and written communication skills, with the ability to effectively convey complex cybersecurity concepts to both technical and non-technical audiences.
• Analytical Skills: Excellent analytical and problem-solving skills, with a keen attention to detail and a proactive approach to identifying and addressing security risks.
Competencies & Skills
• Strong problem-solving skills and the ability to troubleshoot database issues effectively.
• Excellent communication and collaboration skills for cross-team efforts. -
ABOUT THE COMPANY
-
-
Government Careers
Show moreGovernment jobs offer stability, competitive benefits, and the chance to make a meaningful impact on your community and country.
Whether you’re starting your career or seeking new opportunities, these roles provide pathways for growth, security, and service.
Explore positions across a wide range of fields and take the first step toward a rewarding future in public service.
-