Software Systems Engineer III

We are seeking a Software Systems Engineer – RMF to join our cybersecurity engineering team supporting U.S. Navy programs. In this role, you will lead the end-to-end Risk Management Framework (RMF) lifecycle for multiple Navy information systems, supporting authorization efforts from categorization through authorization and continuous monitoring. You will play a critical role in developing, maintaining, and defending Authorization to Operate (ATO) packages while ensuring systems meet evolving cybersecurity and compliance requirements.

The ideal candidate will bring expertise in RMF implementation, NIST SP 800-53 security controls, vulnerability management, and secure systems engineering principles. This position is ideal for a cybersecurity professional who enjoys solving complex security challenges, managing concurrent authorization efforts, and collaborating across technical and program teams in fast-paced Agile environments.

This is a full-time position based in Manassas. U.S. citizenship is required to obtain and maintain a DoD Secret Clearance. The annual base salary is $110,00 – $150,000 with final compensation based on experience and skills. Candidates will be paid within this range based on their work experience and skills.

In addition to a competitive base salary, this position is eligible for a sign-on bonus and a comprehensive benefits package including healthcare benefits (medical, dental, and vision), Flexible Spending Accounts, Life Insurance, 401(k) plan with matching company contributions, paid time off, holidays, and tuition and training reimbursement.

You’ll be responsible for:

• Lead multiple Navy information systems through the full RMF lifecycle. 
• Develop, submit and maintain complete authorization packages including SSPs, SAPs, SARs, RARs, POA&Ms, architectural diagrams, and hardware/software inventories.
• Assess and validate NIST SP 800-53 security controls and develop defensible control implementation narratives to support SCA and AO reviews.
• Implement and validate STIG compliance across operating systems, databases, applications, and network components.
• Conduct vulnerability scanning and analysis using ACAS/Nessus, SCAP Compliance Checker, and related cybersecurity assessment tools.
• Manage POA&M activities including risk characterization, remediation tracking, milestone management, and evidence validation through closure.
• Collaborate with system owners, ISSMs, ISSOs, SCAs, AOs, developers, and engineers to support authorization decisions and continuous monitoring activities.
• Develop and maintain authorization boundary diagrams, system architectures, data flow mappings, and security documentation.
• Support change impact analysis, ongoing authorization activities, and continuous monitoring strategies across multiple systems.
• Integrate cybersecurity and assessment activities into Agile development and DevSecOps workflows where applicable.

Required Skills:

• Must be a U.S. Citizen with the ability to obtain and maintain a DoD Secret security clearance; active Secret clearance preferred.
• Bachelor’s degree in Cybersecurity, Computer Science, Systems Engineering, Information Technology, or related technical field; equivalent experience may be considered in lieu of a degree.
• 5–7 years of direct, hands-on RMF execution experience for DoD or Navy systems, including security control implementation, assessment, evidence development, and CCI-level validation.
• Hands-on experience running, analyzing, and reporting on ACAS/Nessus vulnerability scans.
• Experience applying and assessing STIGs across OS, application, and network technologies (not just reviewing results).
• Demonstrated proficiency operating in eMASS, including package creation, control inheritance, artifact uploads, and workflow management.
• Proven ability to develop complete RMF artifacts including SSPs, SAPs, SARs, RARs, POA&Ms, and supporting evidence.
• Strong understanding of NIST SP 800-53 Rev 4/5 control families, assessment procedures, and documentation of technical control implementations.

Preferred Skills:

• Experience supporting Navy RMF implementations, NAVSEA processes, or Navy-specific authorization workflows.
• Proficiency with eMASS and VRAM.
• Experience supporting DoD cloud authorization efforts including IL4–IL6 or FedRAMP environments.
• Familiarity with Kubernetes, OpenShift, container security, or DevSecOps CI/CD pipelines.
• Relevant certifications such as Security+, CISSP, CAP, CISM, or AWS Security certifications.
• Experience supporting SCA evaluations or serving as an ISSE or ISSM.
• Strong organizational skills with the ability to independently manage multiple priorities and concurrent efforts.
• Effective collaboration, analytical thinking, and problem-solving skills.