About Our Team
Our employees thrive in a culture that's fast-paced and ego-free, where innovation and collaboration are encouraged at every turn. We are an organization that provides federal agencies instant access to experienced and talented professionals who understand their unique challenges and know the most efficient ways to address them. We are continually investing in resources and talent, so we stay prepared with specialized teams in place who are experts in creating tailored technologies. Our solutions empower Federal organizations to grow, modernize, and succeed in a rapidly evolving landscape.
We value all voices and want to attract talent from all backgrounds. We're on the lookout for individuals who are passionate about technology and thrive in environments where problem-solving is approached with creativity and enthusiasm. If you're someone who enjoys continuously expanding your skill set while tackling real-world business problems, you'll feel right at home with us. Veterans and military spouses are especially encouraged to bring your unique and valuable experience to our team.
About the Role
We are seeking an experienced Senior RMF & ATO Security Engineer to serve as the technical cybersecurity lead responsible for implementing and maintaining Risk Management Framework (RMF), Authorization to Operate (ATO), and continuous monitoring activities supporting a mission-critical cloud-native platform within the Department of Veterans Affairs (VA).
This is a hands-on engineering role that partners closely with Cloud Engineers, DevSecOps Engineers, Site Reliability Engineers, Solution Architects, and Government cybersecurity stakeholders to integrate security throughout the system lifecycle. The Senior RMF & ATO Security Engineer will engineer security controls, automate compliance validation, support secure cloud deployments, and ensure continuous authorization through effective implementation of Federal cybersecurity requirements.
RESPONSIBILITIES
- Implement security controls required throughout the NIST RMF lifecycle.
- Engineer technical solutions supporting Categorize, Select, Implement, Assess, Authorize, and Monitor activities.
- Develop and maintain SSPs, POA&Ms, Security Assessment Reports, contingency plans, and authorization artifacts.
- Implement continuous monitoring processes, vulnerability management, and compliance reporting.
- Integrate SAST, DAST, container scanning, IaC validation, and other security automation into CI/CD pipelines.
- Collaborate with Cloud, DevSecOps, SRE, and software engineering teams to implement secure cloud-native architectures.
- Review AWS and Kubernetes environments for compliance with NIST SP 800-53 and VA security requirements.
- Participate in incident response, root cause analysis, and corrective action implementation.
- Support security audits, assessments, and ATO renewals by producing technical evidence and documentation.
- Mentor junior engineers on RMF implementation and cloud security best practices.
TAG: #LI-I4DM
TAG: INDMJC
RequirementsQUALIFICATIONS
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field.
- 7+ years supporting RMF, ATO, cybersecurity engineering, or cloud security in Federal environments.
- Strong knowledge of NIST SP 800-53, RMF, FISMA, HIPAA, and VA cybersecurity requirements.
- Experience with AWS, Kubernetes, Docker, Terraform, and CI/CD security integration.
- Experience with vulnerability management, POA&M tracking, and continuous monitoring.
- CISSP, CISM, or equivalent certification.
- Eligible to obtain and maintain a Public Trust clearance.
PREFERRED QUALIFICATIONS
- AWS GovCloud experience.
- Experience with eMASS, SNOWCAM, Nessus, Security Hub, GuardDuty, Vault, Prometheus, Grafana, ELK, or Splunk.
- Experience securing healthcare platforms handling PHI.
- Experience supporting Kafka/MSK and event-driven architectures.
- teams.
- Identify and mitigate risks related to deployment, security, and system availability.
Skills Required
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related field
- 7+ years supporting RMF, ATO, cybersecurity engineering, or cloud security in Federal environments
- Strong knowledge of NIST SP 800-53, RMF, FISMA, and HIPAA
- Experience with AWS, Kubernetes, Docker, Terraform, and CI/CD security integration
- Experience with vulnerability management, POA&M tracking, and continuous monitoring
- Experience integrating SAST, DAST, container scanning, and IaC validation into CI/CD pipelines
- CISSP, CISM, or equivalent certification
- Eligible to obtain and maintain a Public Trust clearance
- AWS GovCloud experience
- Experience with eMASS, SNOWCAM, Nessus, Security Hub, GuardDuty, or Vault
- Experience with Prometheus, Grafana, ELK, or Splunk
- Experience securing healthcare platforms handling PHI
- Experience supporting Kafka/MSK and event-driven architectures
What We Do
Ready to advance your career as an agent of change? View our available positions at i4dm.com/resourcing/careers or forward your resume to [email protected]. i4DM is a full-service information technology firm that believes in the versatility of IT. i4DM was founded in 2002 by Michael Peart and partner Ben Hannon. Forged together by Michael’s military background and Ben’s passion for technology, they created a company grounded in military values, dedicated to serving clients through innovation and strategy. With a client-first approach, the team is equipped with the necessary certifications and skill sets to serve all industries. Through market expansion, joint ventures, and new locations, i4DM has grown into an industry leader that revolutionizes the way information technology is leveraged by clients to accomplish their missions. i4DM is passionate about empowering clients’ information technology to incite change, increase productivity, and keep them one step ahead in a dynamic market. Aiming for excellence, and delivering innovation, they go beyond the routine and create entirely customized solutions. They believe in the spirit of collaboration, exploring the line of the unknown, and pushing the boundaries of what’s possible with technology solutions








