Security​/RMF Specialist

Information Security Analyst, Information Assurance/RMF

Active Secret Required
Hybrid schedule
CISSP, CAP, or CISM certification required

• Support the execution of the full cybersecurity and RMF lifecycle for DoD and Federal systems, with emphasis on security control implementation, assessment, authorization, and continuous monitoring activities.
• Perform vulnerability scanning and compliance validation, including, but not limited to, ACAS scanning, STIG assessments, SCAP validation, and configuration compliance checks.
• Analyze vulnerability scan results, identify false positives, assess risk severity, and support remediation planning in coordination with engineering and operations teams.
• Track, document, and manage remediation activities and Plans of Action and Milestones (POA&Ms) through closure, ensuring alignment with mandated timelines and risk tolerance.
• Support RMF authorization activities, including initial ATOs, ATO renewals, significant change packages, and continuous authorization (cATO) efforts.
• Support and execute Information Security Continuous Monitoring (ISCM) activities, including vulnerability trend analysis, control effectiveness validation, configuration drift monitoring, and security posture reporting.
• Support the implementation and monitoring of Zero Trust security principles at a system level, including identity awareness, least privilege access, and continuous validation of users, devices, and workloads.
• Prepare, review, and maintain cybersecurity and authorization artifacts in eMASS, including, but not limited to:
  • System Security Plans (SSPs)
  • Security Assessment Reports (SARs)
  • Plans of Action and Milestones (POA&Ms)
  • Control implementation narratives and supporting evidence packages
• Conduct security control assessments and support independent verification and validation activities.
• Assist with the implementation and maintenance of security controls aligned with NIST SP 800-53 and DoD cybersecurity requirements.
• Coordinate with system owners, cybersecurity engineers, and program leadership to communicate security findings, risks, and remediation status.
• Support cybersecurity audits, inspections, and Cyber Operational Readiness Assessments (CORA), ensuring accurate documentation and evidence traceability.
• Assist in maintaining compliance with applicable cybersecurity policies, including FISMA, DoD RMF, DoD Zero Trust guidance, and the DoD Cloud Computing Security Requirements Guide (CC SRG).

• Active Secret clearance required.
• Five or more years of experience in information security, information assurance, or cybersecurity operations, with experience supporting RMF-based programs.
• Hands-on experience performing vulnerability scanning and compliance assessments using tools such as ACAS, STIG Viewer, and SCAP Compliance Checker.
• Experience supporting RMF documentation and authorization packages, including SSPs, SARs, and POA&Ms.
• Working knowledge of NIST SP 800-53, NIST RMF, and DoD cybersecurity policies.
• Experience using eMASS to support RMF lifecycle activities and track authorization artifacts.
• Familiarity with cloud security concepts and environments such as AWS Gov Cloud or Microsoft Azure Government.
• One or more cybersecurity certifications required, including CISSP, CCSP, CISM, and CASP+ (Renamed Security
  
  X)

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or a related field.

NIS is an IT and Management consulting company that is a CVE-verified Service-Disabled Veteran-Owned Small Business. Our mission is to deliver value-added services to our customers, leveraging technology, people, and industry best practices to implement innovative solutions through our trusted employees and team members.

Our benefits package includes medical, dental, and vision insurance, life and disability insurance, 401(k) plan with employer match, paid holidays, PTO (sick/vacation), commuter benefits, employee assistance program (EAP), educational reimbursement, and Pet Insurance.

Nationwide IT Services, Inc. provides equal employment opportunities (EEO) to all qualified applicants regardless of race, color, religion, sex, national origin, sexual orientation, gender identity, genetics, disability, or protected veteran status.