ISSE - RMF Compliance (Hybrid 2 days onsite) with Security Clearance
Occupations:
Information Security Analysts; Information Security Engineers; Security Management Specialists; Computer Systems Engineers/Architects; Compliance Managers

Industries:
Administration of Human Resource Programs; Management of Companies and Enterprises; Activities Related to Credit Intermediation; Executive, Legislative, and Other General Government Support; Software Publishers

RMF & Compliance (Risk Management Framework)
• Lead the RMF lifecycle (primarily steps 1–3) to obtain and maintain Authorization to Operate (ATO) for complex cloud-based systems and IT infrastructures.
• Develop and maintain System Security Plans (SSP), Security Assessment Plans (SAP), and Plans of Action and Milestones (POA&M) within eMASS.
• Conduct automated and manual security testing using tools such as SCAP Compliance Checker (SCC) and STIG Viewer to ensure 100% compliance with DISA Security Technical Implementation Guides (STIGs).
• Conduct cyber risk reviews, using your experience and knowledge to aid our customer in providing recommendations for various tasks to ensure a proper level of risk management is put forward.

Technical Leadership & Collaboration
• Serve as the primary technical liaison between the Program Management Office (PMO) and the Security Control Assessor (SCA).
• Review and approve Engineering Change Requests to ensure that system modifications do not negatively impact the established security posture.
• Mentor junior security staff on the application of CNSSI 1253 and NIST SP 800-53 security controls.

System Interconnection & Governance
• Coordinate Interconnection Security Agreements (ISA): Lead the technical and administrative effort to establish ISAs between the customer and external DoD or Federal agencies, ensuring that joint security requirements are clearly defined and met.
• Develop MOU/MOA Documentation: Author and negotiate Memorandum of Understanding (MOU) and Memorandum of Agreement (MOA) documents to codify the terms, conditions, and security responsibilities for shared resources or cross-organizational system access.
• Provide Security Leadership: Act as the customer's primary security advocate during high-level meetings, ensuring that all interconnection agreements maintain the system's security boundary and do not introduce unacceptable risk.
• Inter-Agency Liaison: Facilitate technical discussions between disparate engineering teams to resolve security conflicts during the drafting and approval process of governance documents.

Configuration & Change Management
• Participate in Configuration Control Board (CCB) & CLA Reviews: Act as the lead security representative during Configuration Literacy/Level Assessment (CLA) reviews to ensure proposed changes are scrutinized for security impact.
• Perform Security Impact Analysis: Evaluate Engineering Change Proposals (ECPs) and system baseline modifications during CLA sessions to prevent "scope creep" from degrading the system's security posture.
• Lifecycle Traceability: Ensure that all changes approved during CLA reviews are accurately reflected in the RMF documentation, including updated System Security Plans (SSP) and network diagrams.

Strategic Security Oversight
• Standardize Security Governance: Establish standard operating procedures (SOPs) for how the customer manages and renews ISAs/MOUs to ensure continuous compliance and avoid lapsed authorizations.
• Risk Evaluation for Shared Services: Analyze the risk of connecting to external service providers (e.g., DISA Cloud, AWS GovCloud) and provide the customer with a clear roadmap for secure integration.