RMF Risk Assessor

Dark Wolf Solutions is seeking an experienced RMF Security Assessor with expertise in the Risk Management Framework (RMF) to join our team. The successful candidate will have a strong understanding of security risks and compliance requirements, particularly within the Defense Industrial Base (DIB). As a Security Assessor, you will leverage your Risk Management Framework (RMF), risk assessment methodologies, and vulnerability management experience to help our client streamline processes, improve systems, and enhance product delivery and lifecycle management. This role is essential in providing significant impacts to the program, helping teams navigate the cATO and deployment processes efficiently while maintaining high standards of security and compliance.

Key responsibilities may include but are not limited to:

• Applying the Risk Management Framework (RMF) to assess and evaluate DIB organizations and their cloud-based applications.
• Reviewing and analyzing security documentation, including System Security Plans (SSPs), Security Assessment Reports (SARs), and Plans of Action & Milestones (POA&Ms), for RMF compliance.
• Conducting comprehensive risk assessments to identify, analyze, and evaluate cybersecurity risks to DIB organizations, particularly those operating in cloud environments.
• Evaluating vulnerability management programs to determine their effectiveness in identifying and mitigating security weaknesses.
• Assessing Defense Industrial Base (DIB) and potential DIB companies for adherence to Federal cybersecurity policies, standards, and best practices, including but not limited to NIST SP 800-53, NIST SP 800-171, CMMC 2.0, and FedRAMP requirements.
• Overseeing the continuous Authorization to Operate (cATO) assessment process for multiple applications.
• Ensuring applications going into production minimize risk and comply with client and program policies and requirements.
• Assessing and mitigating risks associated with the deployment and operation of applications in cloud environments.
• Collaborating with cross-functional teams to manage the lifecycle of various capabilities, from configuration to enhancement and development.
• Overseeing data management processes to ensure data integrity and security.
• Providing support for ongoing operations and maintenance of systems to ensure security and compliance.
• Applying HCD methodologies to the design and development of products, ensuring user-centric solutions.

Required Qualifications:

• 11+ years of relevant experience in providing RMF expertise and security risk assessments. Emphasis on cloud security.
• Experience in cATO and Fast Track ATO processes and procedures.
• A Certified Kubernetes Administrator (CKA) certification is highly desirable to understand risks in containerized application environments.
• Previous experience in security risk assessment and management, especially in cloud-based systems.
• Ability to meticulously assess security risks and ensure compliance with client and program requirements.
• Strong verbal and written communication skills to effectively collaborate with cross-functional teams and stakeholders.
• Proactive approach to identifying and mitigating risks in systems and processes.
• Bachelor’s in Statistics, Mathematics, Computer Science or another related field
• US Citizenship and ability to obtain a Secret security clearance

Preferred Qualifications:

• DoD experience strongly encouraged, followed by IC and Fed Civilian.
• Experience assessing DIB organizations or working with federal cybersecurity regulations (NIST SP 800-53, NIST SP 800-171, CMMC 2.0, FedRAMP).
• Relevant certifications such as CISSP, CISA, CISM, Security+, or equivalent.
• Experience with vulnerability scanning tools and techniques, including but not limited to Trivy, Sonarqube, and Tenable Security Center.

This position will be a hybrid role based out of multiple hubs including: Herndon, VA,Colorado Springs, CO, Tampa, FL, and Omaha, NE.

The salary range for this position is estimated to be between $130,000.00 - $180,000.00, commensurate on experience and technical skillset.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.