RMF Engineer

Position Responsibilities:

• Develop and deliver implementation plans, risk assessments, research, and analysis supporting RMF and continuous monitoring based on Government regulations, plans, and direction.
• Provide monthly status reports and track the execution of Army RMF, including compliance with authorizations, system assessments, and Plan of Actions & Milestones (POA&M) expirations and executions.
• Collaborate with automated RMF tools such as eMASS and APMS, following the Federal Information Security Management Act (FISMA), DoD Directive 8500.01, NIST Special Publication 800-53, and CNSSI 1253 guidelines.
• Ensure compliance with DoD Cybersecurity (CS) policy requirements outlined in DoDI 8500.01, DoDI 8510.01, and their successors.
• Integrate with Security Requirements Guide (SRG) and Security Technical Implementation Guides (STIG) development teams to include emerging technologies in the STIG roadmap process.
• Conduct onsite visits and surveys to address security compliance and technical analysis, producing comprehensive reports and recommendations for improvements and enhancements.
• Identify risk areas through implementation shortfalls and develop plans to recommend policy updates, addressing widespread issues and exceptions to policy.
• Participate in working groups, forums, and direct interactions to gather information for research and analysis in support of RMF and continuous monitoring.
• Standardize forms and integrate with continuous Authorization to Operate (cATO) and RMF emerging technology efforts to reduce the burden on mission owners while maintaining security.
• Provide guidance on addressing risks from a mission and business process perspective, ensuring Army CS initiatives align with applicable laws and regulations.
• Support the integration of Operational Technology (OT) into the Army's IT and Network Operations CS capability by tracking emerging tech and working with mission owners.
• Conduct outreach and education on data value and categorization, integrating with various Army data owners to achieve unified end-to-end multi-element asset capabilities.
• Support the Commercial Temporary Exception to Policy (C-TEP) program, creating standardized templates and workflow automation.
• Track tasks and requirements aligned with the Army Data Strategy and Army Directives, representing Army security needs in future strategy and directives.