Security / RMF Lead

Full-time
Senior
Cybersecurity
Essnova

Essnova is a mature small business providing a broad range of technology and programmatic support services to governmental and commercial customers. Specializing in SETA Services, Geospatial, Environmental, and Medical Services, Essnova offers highly e...

Internet Software & Services
11-50
Founded 2005

Description

  • Maintain System Security Plans (SSPs) as living documents and update them after security-impacting changes.
  • Manage Plan of Action & Milestones (POA&Ms), including quarterly reviews, closure evidence, and remediation tracking.
  • Remediate vulnerabilities within required timelines and provide retesting evidence through closure.
  • Prepare Authorization to Operate (ATO) packages, including SSPs, POA&M status, assessment results, and risk analysis.
  • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools.
  • Submit monthly authenticated vulnerability and application scan results by the fifth business day.
  • Coordinate with developers, system owners, security staff, and CDC/NCHS stakeholders on security and compliance activities.
  • Follow CDC change management procedures and perform security impact analysis for post-ATO changes.
  • Support RMF, FISMA compliance, OMB directives, and related governance/stage-gate security artifacts.
  • Lead SSP development during transition-in and support SSP submission within 30 days of contract award.
  • Support PTA/PIA activities with CDC privacy officials.

Requirements

  • Bachelor's degree in cybersecurity, information assurance, computer science, or a related field.
  • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37).
  • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems.
  • Experience using vulnerability scan results to track remediation to closure, including retesting evidence, in a federal environment.
  • Hands-on experience with federal security management tools such as CSAM and eMASS.
  • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A.
  • Knowledge of FISMA 2014 reporting and OMB security directives.
  • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes.
  • Experience coordinating with federal ISSOs/CISOs and security authorization officials.
  • Active Tier 4 / High Risk / Public Trust Level clearance at proposal submission.
  • Eligibility for HSPD-12/PIV.
  • Availability to work during Eastern Time (ET) business hours.
  • CISSP, CISM, or CAP certification, or an equivalent credential, preferred.
  • Experience supporting CDC, HHS, or other federal health agencies, preferred.
  • Experience with CIPSEA-protected data environments or federal statistical agencies, preferred.
  • Experience with FedRAMP continuous monitoring and cloud security assessment, preferred.

Benefits

  • Medical, dental, and vision insurance.
  • 401(k) with company match.
  • Paid time off plus federal holidays.
  • Fast-track growth in a high-accountability culture.
  • High-ownership environment where individual contributions are visible.
  • Direct access to leadership with minimal bureaucracy.
