Cybersecurity RMF Specialist - CISSP
Company: Herren Associates
Location: Washington, DC 20011
Description:
At Herren Associates, we're focused on driving innovation throughout the Federal landscape and are in the business of turning insights into actions. Specializing in Cyber Security, Engineering and Management Consulting, our firm has a passion for fostering career progression and seeks to align motivated professionals with rewarding homes for their careers. With over thirty years of experience supporting an array of clients throughout the Public Sector, we welcome you to learn more about our dynamic organization and the role that you can play as we chart out a course for continued impact in the years to come.
We are seeking a highly skilled Cybersecurity Risk Management Framework (RMF) Specialist to provide on-site cybersecurity compliance, risk assessment, and risk mitigation support for Navy systems and networks. This is an onsite position based out of the Washington, D.C. Navy Yard and the ideal candidate will have extensive experience with Department of the Navy cybersecurity policies and processes, a CISSP certification, and expertise in implementing NIST, DoD, and NAVSEA RMF standards. This role requires close collaboration with NAVSEA, NIWC, or other Navy cybersecurity organizations to ensure compliance with DoD 8510.01 (RMF for DoD IT), NIST 800-53, and other relevant cybersecurity policies.
Key Responsibilities:
- Lead Risk Management Framework (RMF) implementation for Navy systems, ensuring compliance with DoD, NAVSEA, and DON cybersecurity policies.
- Conduct system security assessments, vulnerability management, and risk analysis to support Authority to Operate (ATO) package development.
- Develop and maintain RMF artifacts, including System Security Plans (SSP), Security Control Traceability Matrices (SCTM), and Plans of Action & Milestones (POA&M).
- Perform continuous monitoring activities, ensuring cybersecurity compliance through security controls assessments and STIG compliance validation.
- Provide cyber risk mitigation strategies, recommendations, and corrective actions based on NIST 800-53, CNSSI 1253, and DoD cybersecurity frameworks.
- Support NAVSEA and/or NIWC leadership with RMF policy interpretation and implementation guidance.
- Collaborate with cybersecurity and engineering teams to integrate security into system architectures.
- Assist in preparing for Navy cybersecurity inspections, audits, and cyber readiness reviews.
- Maintain up-to-date knowledge of evolving cyber threats, Navy cybersecurity policies, and emerging RMF best practices.
Required Qualifications:
- Active CISSP certification (Certified Information Systems Security Professional).
- 5-10+ years of experience in cybersecurity with a focus on RMF compliance in the Navy/DoD environment.
- Experience supporting NAVSEA, NIWC, or other Navy cybersecurity organizations.
- Strong knowledge of DoD RMF, DoD 8510.01, NIST 800-53, NIST 800-37, CNSSI 1253, and DoD STIGs.
- Experience with eMASS, ACAS, Nessus, HBSS, or other DoD cybersecurity tools.
- Familiarity with classified and unclassified Navy networks (e.g., NMCI, DODIN, ONE-Net, RDT&E).
- Active Secret clearance required.
Herren Associates is an Equal Opportunity Employer.