RMF Subject Matter Expert

Job Title: RMF Subject Matter Expert

Location: Hanscom Air Force Base

Clearance: Secret - Top Secret Preferred

Program: BLITS 3.0

Company/ Program Description:

Centuria, a Service-Disabled Veteran-Owned Small Business (SDVOSB), has been delivering IT, Engineering, and Scientific solutions to the Federal Government since 2002. During our two decades of service, we have earned the trust and respect of our government clients for the simple reason that we have great people who are experts in their fields and take pride and ownership in everything they do.

BLITS 3.0 PROGRAM DESCRIPTION: This role will be to directly support the mission of the 66th Air Base Group (66 ABG) to secure information and information systems; to support mission success through effective and efficient service delivery; and to sustain required infrastructure and capabilities. As one part of the greater Air Force Information Network (AFIN) enterprise, the 66 ABG Communications and Information Division (66 ABG/SC) has responsibilities in two categories (1) direct actions in support of Hanscom Air Force Base (HAFB) and geographically separated units (GSUs); and (2) indirect actions to support the AFIN enterprise. Successful solutions for this requirement are expected to have strengths in four areas: integration, flexibility, AFIN knowledge, and technical expertise.

POSITION DESCRIPTION: Seeking an experienced RMF Subject Matter Expert (SME) to support the Wing Cyberspace Office (WCSO) in managing and executing DoD Risk Management Framework processes. The role focuses on developing and maintaining RMF packages in eMASS, supporting ATOs, conducting risk assessments, and ensuring compliance with Air Force and DoD cybersecurity requirements. Requires 10+ years of cybersecurity experience with RMF, a Bachelor’s degree (or equivalent), Security+ certification (CISSP preferred), and an active Secret clearance (TS preferred).

Job Responsibilities:

• Serve as the lead RMF Subject Matter Expert supporting the Wing Cyberspace Office (WCSO) for all systems and enclaves within the base enterprise

• Lead the management, implementation, and execution of the Risk Management Framework (RMF) lifecycle (Categorize, Select, Implement, Assess, Authorize, and Monitor) for supported systems

• Develop, maintain, and validate RMF artifacts within Enterprise Mission Assurance Support Service (eMASS) to ensure completeness, accuracy, and compliance with DoD and Air Force requirements

• Provide expert guidance to ISSMs, ISSOs, and system owners on ATO packages, reauthorization efforts, and continuous monitoring strategies

• Ensure continuous compliance with DoD, Air Force, NSA, and NIST cybersecurity policies and directives, including NIST SP 800-53 and DoDI 8510.01

• Conduct risk assessments and security control evaluations, recommending mitigation strategies to reduce risk to acceptable levels

• Review and validate Security Technical Implementation Guides (STIGs), vulnerability alerts, and cybersecurity directives for implementation across supported systems

• Support Authorization to Operate (ATO), Authority to Connect (ATC), and Interim Authorization (IATT) processes as required

• Develop and manage Plans of Action & Milestones (POA&Ms) and track remediation efforts to closure

• Provide direct support during cybersecurity inspections and audits (e.g., CCRI, IG, SAV), including preparation, execution, and remediation

• Advise on system architecture, boundary definitions, and control inheritance to improve RMF efficiency and cybersecurity posture

• Collaborate with network, system, and cybersecurity teams to ensure secure integration and sustainment of systems

• Analyze and report cybersecurity posture metrics and trends, providing recommendations for continuous improvement

• Mentor and provide RMF training and knowledge transfer to cybersecurity staff and stakeholders across the Wing

Job Requirements: 

• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or equivalent
• 10+ years of experience in Cybersecurity, with a strong emphasis on Risk Management Framework (RMF) within the DoD or Federal environment
• Extensive experience with DoD RMF processes, ATO lifecycle management, and continuous monitoring
• Demonstrated expertise in eMASS and RMF package development and management

• Strong knowledge of Air Force, DoD, and Federal cybersecurity directives, policies, and instructions

• Hands-on experience conducting security control assessments, vulnerability management, and POA&M tracking

• Experience supporting cybersecurity inspections (e.g., CCRI, IG inspections, SAVs)

• Ability to interpret and implement STIGs, security guidance, and vulnerability remediation requirements

• Strong ability to work independently and collaboratively, providing technical leadership across multiple stakeholders

• Excellent communication skills, with the ability to translate complex cybersecurity concepts into actionable guidance

• CompTIA Security+ certification required (DoD 8570/8140 compliant) - CISSP certification preferred

• Must have an active Secret clearance - Top Secret clearance preferred