RMF Security Engineer

SteelGate is seeking a RMF Security Engineer to support Defense Manpower Data Systems. As a RMF Cybersecurity Analyst, you will be entrusted with ensuring our IT engineering solutions meet the highest security standards, adhere to all applicable standards, guidelines, and mandates; and provide all appropriate documentation necessary to make up a Body of Evidence (BoE) for the Chief Information Security Officer (CISO) and Authorizing Official (AO) to successfully justify issuing an Authority to Operate (ATO).

Candidate Requirements:

1. 5 years of experience conducting Risk Management Framework duties or related tasks.
2. Thorough understanding of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the federal government, including knowledge of all phases of the RMF lifecycle.
3. Proven experience in assisting client risk management tasks, such as managing POA&M, conducting Security Tests and Evaluations (ST&E), creating system documentation, performing authorizations, carrying out risk assessments, handling third-party audits, ensuring compliance with NIST 800-53 standards, and performing threat assessments according to the RMF lifecycle and processes.
4. Demonstrated proficiency to plan and monitor security control implementation for the protection of networks, enclaves, and information systems.
5. Strong communication abilities, including working closely with highly technical administrators to enhance overall security measures.
6. Ability to generate and interpret ACAS reports to identify system vulnerabilities and monitor remediation efforts or mitigation strategies.
7. Working knowledge and experience implementing and evaluating manual Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), and SCAP Compliance Checker (SCC). Ability to generate and interpret Red Hat Advanced Cluster Security for Kubernetes (StackRox) reports.
8. Working knowledge of common assessment & authorization (A&A) application platforms e.g. eMASS, CSAM, Xacta, etc.
9. Previous experience in a technical role such as a system or network administrator is a plus.

Desired Skills / Knowledge:

1. Business Writing
2. Communications Planning
3. Cloud Security
4. Enterprise Mission Assurance Support Service (eMASS)
5. Information Security Engineering / IT Security
6. Authority to Operate (ATO)
7. Plan Of Action And Milestones (POA&M)
8. Security Engineering
9. Security Operations
10. Security Technical Implementation Guides (STIGS)
11. System Security Plan (SSP)
12. DevSecOps / Containerized CI/CD Pipeline Security Practices

Primary Location: Seaside, CA or National Capital Region (NCR)

Location Requirement: Hybrid (occasional on-site required)