Security / RMF Lead

1 month ago
Full-time
Senior
Cybersecurity
Essnova

Essnova

Essnova is a mature small business providing a broad range of technology and programmatic support services to governmental and commercial customers. Specializing in SETA Services, Geospatial, Environmental, and Medical Services, Essnova offers highly e...

Internet Software & Services
11-50
Founded 2005

Description

  • Maintain System Security Plans (SSPs) as living documents and update them after security-impacting changes.
  • Manage Plan of Action & Milestones (POA&Ms), including quarterly reviews, closure evidence, and remediation tracking.
  • Remediate vulnerabilities within required timelines and provide retesting evidence through closure.
  • Prepare Authorization to Operate (ATO) packages, including SSPs, POA&M status, assessment results, and risk analysis.
  • Conduct annual security assessments covering one-third of the control baseline plus key controls, using CSAM or equivalent tools.
  • Submit monthly authenticated vulnerability and application scan results by the fifth business day.
  • Coordinate with developers, system owners, security staff, and CDC/NCHS stakeholders on security and compliance activities.
  • Follow CDC change management procedures and perform security impact analysis for post-ATO changes.
  • Support RMF, FISMA compliance, OMB directives, and related governance/stage-gate security artifacts.
  • Lead SSP development during transition-in and support SSP submission within 30 days of contract award.
  • Support PTA/PIA activities with CDC privacy officials.

Requirements

  • Bachelor's degree in cybersecurity, information assurance, computer science, or a related field.
  • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37).
  • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems.
  • Experience using vulnerability scan results to track remediation to closure, including retesting evidence, in a federal environment.
  • Hands-on experience with federal security management tools such as CSAM and eMASS.
  • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A.
  • Knowledge of FISMA 2014 reporting and OMB security directives.
  • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes.
  • Experience coordinating with federal ISSOs/CISOs and security authorization officials.
  • Active Tier 4 / High Risk / Public Trust Level clearance at proposal submission.
  • Eligibility for HSPD-12/PIV.
  • Availability to work during Eastern Time (ET) business hours.
  • CISSP, CISM, or CAP certification, or an equivalent credential, preferred.
  • Experience supporting CDC, HHS, or other federal health agencies, preferred.
  • Experience with CIPSEA-protected data environments or federal statistical agencies, preferred.
  • Experience with FedRAMP continuous monitoring and cloud security assessment, preferred.

Benefits

  • Medical, dental, and vision insurance.
  • 401(k) with company match.
  • Paid time off plus federal holidays.
  • Fast-track growth in a high-accountability culture.
  • High-ownership environment where individual contributions are visible.
  • Direct access to leadership with minimal bureaucracy.
