RMF Security Engineer - Active DoD Top Secret

  • Alexandria, VA
  • Posted 2 days ago | Updated 21 hours ago

Overview

On Site
Depends on Experience
Full Time

Skills

Current & Active DoD Top Secret
DoD 8570/8140 compliant IAT Level II (CompTIA Security+ CE or similar)
Minimum of 5 years of experience in information security, focusing on risk management and compliance
Strong understanding of the RMF process and NIST standards
Experience with DevSecOps practices and tools (e.g., CI/CD pipelines, IaC, security automation)

Job Details

PRISM seeks an RMF Security Engineer with DevSecOps experience. You will play a critical role in ensuring the security and compliance of our information systems throughout the development lifecycle: implementing and maintaining the Risk Management Framework (RMF) process, conducting security assessments, and integrating security controls into the systems we build.

Responsibilities:

  • RMF Implementation:
    • Drive the implementation of the RMF process across the organization, ensuring adherence to NIST standards and best practices.
    • Conduct risk assessments to identify and evaluate potential threats and vulnerabilities.
    • Develop comprehensive security plans, including system security plans (SSPs) and contingency plans.
  • DevSecOps Integration:
    • Integrate security controls into our DevOps pipeline, such as automated testing, code scanning, and configuration management.
    • Collaborate with development and operations teams to ensure security is a top priority throughout the software development lifecycle.
  • Security Assessments:
    • Perform vulnerability scans and penetration testing to identify and mitigate security risks.
    • Conduct continuous monitoring and auditing of systems to ensure compliance with security requirements.
    • Analyze security incidents and implement corrective actions to prevent future occurrences.
  • Compliance Management:
    • Ensure compliance with relevant security regulations, standards, and policies, such as NIST 800-171, FedRAMP, and PCI DSS.
    • Maintain up-to-date documentation and evidence to support compliance audits and certifications.
  • Security Awareness:
    • Develop and deliver security awareness training programs to educate employees about security best practices and threats.
    • Promote a security-conscious culture within the organization.

Qualifications:

  • Current & Active DoD Top Secret
  • Bachelor's degree in Computer Science, Information Systems, or a related field.
  • DoD 8570/8140 compliant IAT Level II (CompTIA Security+ CE or similar)
  • Minimum of 5 years of experience in information security, focusing on risk management and compliance.
  • Strong understanding of the RMF process and NIST standards.
  • Proficiency in security assessment tools and techniques.
  • Experience with DevSecOps practices and tools (e.g., CI/CD pipelines, IaC, security automation).
  • Excellent written and verbal communication skills.
  • Ability to work independently and as part of a team.