What are the responsibilities and job description for the Cyber Risk Management Framework (RMF) Specialist : DOD/NAVY position at NSS?
Currently seeking a highly skilled Cyber Risk Management Framework (RMF) Specialist. This is a long-term, permanent position and is 100% onsite at the Navy Yard in Washington, DC.
Active security clearance and CISSP certification is REQUIRED.
About The Position:
The ideal candidate will have extensive experience with DOD cybersecurity policies and processes and expertise in implementing NIST, DoD, and RMF standards. This role requires close collaboration with NAVSEA, NIWC and other Navy cybersecurity organizations to ensure compliance with DoD 8510.01 (RMF for DoD IT), NIST 800-53, and other relevant cybersecurity policies.
Day 2 Day Overview:
Qualifications:
Nice To Have (Not Required):
Active security clearance and CISSP certification is REQUIRED.
About The Position:
The ideal candidate will have extensive experience with DOD cybersecurity policies and processes and expertise in implementing NIST, DoD, and RMF standards. This role requires close collaboration with NAVSEA, NIWC and other Navy cybersecurity organizations to ensure compliance with DoD 8510.01 (RMF for DoD IT), NIST 800-53, and other relevant cybersecurity policies.
Day 2 Day Overview:
- Provide on-site cybersecurity compliance, risk assessment, and risk mitigation support regarding Navy systems and networks.
- Lead Risk Management Framework (RMF) implementation for Navy systems, ensuring compliance with DoD, NAVSEA, and DON cybersecurity policies.
- Conduct system security assessments, vulnerability management, and risk analysis to support Authority to Operate (ATO) package development.
- Develop and maintain RMF artifacts, including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), and Plans of Action & Milestones (POA&M).
- Perform continuous monitoring activities, ensuring cybersecurity compliance through security controls assessments and STIG compliance validation.
- Provide cyber risk mitigation strategies, recommendations, and corrective actions based on NIST 800-53, CNSSI 1253, and DoD cybersecurity frameworks.
- Support NAVSEA and/or NIWC leadership with RMF policy interpretation and implementation guidance.
- Collaborate with cybersecurity and engineering teams to integrate security into system architectures.
- Assist in preparing for Navy cybersecurity inspections, audits, and cyber readiness reviews.
- Maintain up-to-date knowledge of evolving cyber threats, Navy cybersecurity policies, and emerging RMF best practices
- Write Cyber Security Plans, Software Validation Plans.
Qualifications:
- Active Secret clearance.
- Active CISSP certification (Certified Information Systems Security Professional).
- Completed Bachelor’s Degree
- 5-10 years of experience in cybersecurity with a focus on RMF compliance in the Navy OR DoD environment. (Navy experience not required (will train) but DOD experience is a MUST!).
- Experience in DOD acquisitions.
- Strong knowledge of any of the following: DoD RMF, DoD 8510.01, NIST 800-53, NIST 800-37, CNSSI 1253, and DoD STIGs.
- Experience with eMASS, ACAS, Nessus, HBSS, and/or other DoD cybersecurity tools.
Nice To Have (Not Required):
- Familiarity with classified and unclassified Navy networks (e.g., NMCI, DODIN, ONE-Net, RDT&E)
- Experience supporting NAVSEA, NIWC, or other Navy cybersecurity organizations.
