
Cloud Information System Security Engineer (ISSE) - RMF - Suitland with Security Clearance

FGS, LLC

Suitland-Silver Hill · On-site Full-time $170k – $185k/yr 1w ago

About the role

Job Description

Provide comprehensive Risk Management Framework (RMF) support for a new emerging cloud environment designed for classified systems, ensuring hosted capabilities achieve and maintain Authorization to Operate (ATO) and Authorization to Proceed (ATP) in accordance with DoD, DON, and NIST cybersecurity requirements. Deliver expert support across the RMF lifecycle, including system categorization, security control selection, tailoring, and development of required documentation. Support assessment readiness, continuous monitoring, and security engineering activities necessary to sustain secure operations.

Coordinate with Navy and DoD cybersecurity stakeholders to ensure alignment with enterprise policies and cloud security requirements. Ensure all RMF activities comply with CNSSI 1253, NIST SP 800-53/53A, DoDI 8510.01, DON CIO policy, and DoD cloud/enterprise control inheritance frameworks. Support documentation, assessment preparation, and ongoing authorization efforts for assigned classified cloud systems. This position plays a critical role in maintaining compliance, strengthening cybersecurity posture, and enabling the secure modernization of emerging cloud-based classified capabilities.

Primary Duties and Responsibilities:

  • Execute the full Risk Management Framework (RMF) lifecycle for classified cloud-hosted systems, including system categorization, control selection, tailoring, and authorization support.
  • Develop, maintain, and update RMF documentation and artifacts, including System Security Plans (SSP), Security Assessment Plans (SAP), Plans of Action and Milestones (POA&M), system inventories, data flow diagrams, and other required documentation.
  • Analyze vulnerability and compliance scan results (e.g., ACAS, STIGs, SCAP, MDE), validate findings, and coordinate remediation activities with system owners and engineering teams.
  • Identify and document inherited security controls from cloud service providers and enterprise services, ensuring accurate representation within RMF packages in eMASS and Xacta.
  • Support configuration and change management processes by conducting Security Impact Assessments (SIAs) and advising Configuration Control Boards (CCBs) on cybersecurity risks.
  • Perform and support security control assessments in accordance with NIST SP 800-53A, including evidence collection, validation, and coordination with Security Control Assessors (SCAs).
  • Maintain accurate, up-to-date eMASS and Xacta records, including control implementation status, assessment evidence, and POA&M entries throughout the RMF lifecycle.
  • Plan, coordinate, and execute continuous monitoring activities and Annual Security Reviews (ASRs), including risk reporting and remediation tracking.
  • Support incident response and contingency planning activities, ensuring procedures remain current and aligned with Navy cybersecurity requirements.
  • Participate in cybersecurity governance forums, Cybersecurity Status Reviews (CSRs), Security Working Groups (SWGs), and CCBs to communicate system risk posture.
  • Support system modernization initiatives and cloud capability enhancements by performing security impact analyses and updating RMF documentation.
  • Ensure compliance with DoD, DON, and NIST security policies, including CNSSI 1253, DoDI 8510.01, and DON CIO guidance.
  • Provide clear, timely communication of cybersecurity risks, posture, and authorization status to stakeholders and leadership.

Required Qualifications:

  • Minimum of five (5) years of RMF, cybersecurity compliance, or system authorization experience.
  • At least two (2) years supporting RMF or cybersecurity activities for DoD cloud or classified system environments.
  • Hands-on experience with eMASS and Xacta for managing RMF packages and POA&M tracking.
  • Active DoD 8570/8140 baseline certification (e.g., Security+…

Skills

ACAS, AWS, Cloud, DoD, DoDI 8510.01, eMASS, NIST SP 800-53, NIST SP 800-53A, RMF, SCAP, Security+, STIGs, Xacta
