Cybersecurity RMF Subject Matter Expert (SME)

Our customer is seeking a Cybersecurity RMF Subject Matter Expert (SME) to provide advanced expertise in the implementation, execution, and sustainment of the Department of Defense Risk Management Framework (RMF). This role ensures full compliance with DoDI 8510.01, NIST 800-53, and DoD cybersecurity policies across on-premises, hybrid, and cloud environments.

Key Responsibilities:

• Lead RMF activities across all phases: categorization, control selection, implementation, assessment, authorization, and continuous monitoring.

• Prepare, review, and maintain documentation including SSPs, POA&Ms, and SARs.

• Manage compliance within eMASS and support ATO package submissions.

• Apply NIST 800-53, CNSSI 1253, and DISA STIG controls across hybrid and cloud systems.

• Collaborate with engineering and infrastructure teams to embed cybersecurity best practices.

• Support vulnerability management, remediation, and continuous monitoring.

• Coordinate with Security Control Assessors (SCAs) and Authorizing Officials (AOs).

• Develop and deliver RMF training, templates, and process improvements.

Qualifications:

• 15+ years of experience supporting RMF processes as a cybersecurity analyst, ISSO, or SME.

• Minimum 3 years of Federal or DoD experience (military IT experience qualifies).

• Deep understanding of DoDI 8510.01, NIST 800-53, CNSSI 1253, and DISA STIGs.

• Experience using eMASS and applying controls in hybrid or cloud environments (AWS, Azure, Oracle Cloud).

• Excellent communication and stakeholder coordination skills.

Clearance:
Active DoD Secret clearance (or ability to obtain and maintain).