Job Description: • Own the RMF 'engine room' • Apply DoD cloud security policies and NIST SP 800-53 controls • Develop and maintain RMF artifacts • Execute POA&M management with discipline • Support security change governance activities • Conduct security engineering analysis for cloud-native workloads • Engineer evidence and control health • Integrate security into delivery pipelines • Assist with threat modeling and vulnerability assessments • Partner with system architects and developers to integrate security • Monitor, track, and report security compliance posture • Optimize and automate compliance operations Requirements: • Active Secret clearance • Required security certification: CAP, CASP+ CE, CISM, CISSP (or Associate), GSLC, CCISO • Demonstrated experience supporting or leading DoD RMF for modern systems • Strong working knowledge of NIST 800-53 and practical RMF execution • Hands-on cloud security experience (AWS/Azure/GCP) • Experience with STIG implementation/validation in production environments • Engineering fluency • Strong writing and communication skills • Demonstrated adoption of automation • Cloud certification (e.g., CCSP or cloud provider security/professional certs) Benefits: • Health insurance • 401(k) • Paid time off • Flexible work hours • Professional development opportunities