RMF/Security Risk Assessor

Dark Wolf Solutions

💵 $140k-$170k
📍Remote - Worldwide

Summary

Join Dark Wolf Solutions as an experienced RMF Security Risk Assessor! Leverage your expertise in the Risk Management Framework (RMF) to assess and evaluate DIB organizations and their cloud-based applications. You will review security documentation, conduct risk assessments, and evaluate vulnerability management programs. This role requires a strong understanding of security risks and compliance requirements within the Defense Industrial Base (DIB). You will collaborate with cross-functional teams and ensure compliance with client and program policies. The position offers a remote/hybrid work model and a competitive salary.

Requirements

  • 6+ years of relevant experience providing RMF expertise and security risk assessments, with an emphasis on cloud security
  • Experience in cATO and Fast Track ATO processes and procedures
  • Previous experience in security risk assessment and management, especially in cloud-based systems
  • Ability to meticulously assess security risks and ensure compliance with client and program requirements
  • Strong verbal and written communication skills to effectively collaborate with cross-functional teams and stakeholders
  • Proactive approach to identifying and mitigating risks in systems and processes
  • Bachelor’s in Statistics, Mathematics, Computer Science or another related field
  • US Citizenship and ability to obtain a Secret security clearance

Responsibilities

  • Apply the Risk Management Framework (RMF) to assess and evaluate DIB organizations and their cloud-based applications
  • Review and analyze security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms), for RMF compliance
  • Conduct comprehensive risk assessments to identify, analyze, and evaluate cybersecurity risks to DIB organizations, particularly those operating in cloud environments
  • Evaluate vulnerability management programs to determine their effectiveness in identifying and mitigating security weaknesses
  • Assess Defense Industrial Base (DIB) and potential DIB companies for adherence to Federal cybersecurity policies, standards, and best practices, including but not limited to NIST 800-171, CMMC, and FedRAMP requirements
  • Oversee the continuous Authorization to Operate (cATO) assessment process for multiple applications
  • Ensure applications going into production minimize risk and comply with client and program policies and requirements
  • Assess and mitigate risks associated with the deployment and operation of applications in cloud environments
  • Collaborate with cross-functional teams to manage the lifecycle of various capabilities, from configuration to enhancement and development
  • Oversee data management processes to ensure data integrity and security
  • Provide support for ongoing operations and maintenance of systems to ensure security and compliance
  • Apply HCD methodologies to the design and development of products, ensuring user-centric solutions

Preferred Qualifications

  • DoD experience strongly encouraged, followed by IC and Fed Civilian
  • Experience assessing DIB organizations or working with federal cybersecurity regulations (NIST 800-171, CMMC, FedRAMP)
  • Relevant certifications such as CISSP, CISA, CISM, Security+, or equivalent
  • Experience with vulnerability scanning tools and techniques
  • A Certified Kubernetes Administrator (CKA) certification is highly desirable to understand risks in cloud environments

Benefits

  • This position will be a remote/hybrid role based out of multiple hubs including: Herndon, VA, Colorado Springs, CO, Atlanta, GA, Tampa, FL, and Omaha, NE
  • The salary range for this position is estimated to be between $140,000.00 and $170,000.00, commensurate with experience and technical skillset
