RMF Cybersecurity ISSO/SME 4
Role details
Job location
Tech stack
Job description
KBR is seeking a Cybersecurity Risk Management Framework (RMF) Information System Security Officer (ISSO) to support the DHA Solution Delivery Division (SDD). In this role, you will lead Assessment & Authorization (A&A) activities and guide systems through the RMF lifecycle to achieve and maintain Authorizations to Operate (ATOs) for mission-critical medical systems. You will work closely with engineers, developers, and government stakeholders to ensure compliance with NIST, DoD, and DHA cybersecurity requirements while supporting continuous monitoring and risk management efforts. This 100% remote position requires availability during standard Eastern Time (ET) day shift hours. Join KBR to contribute directly to protecting critical healthcare systems supporting warfighters and their families.
Roles and Responsibilities:
- Manage one or more information systems throughout the full six-step RMF lifecycle, including assessment, authorization, and continuous monitoring activities
- Serve as an RMF Subject Matter Expert (SME), advising stakeholders on cybersecurity compliance, risk posture, and ATO readiness
- Develop, review, and maintain RMF packages and associated documentation, including Security Plans, POA&Ms, Risk Assessment Reports, and security control policies
- Assess system compliance against NIST SP 800-53 controls and DHA RMF requirements as part of self-assessment and annual reviews
- Document and maintain evidence supporting control implementation and compliance
- Lead and participate in A&A and stakeholder meetings to track system status, resolve issues, and drive RMF progress
- Coordinate with engineers and system owners to develop architecture diagrams, system asset inventories, and security policies
- Prepare and deliver status reports to DHA leadership on system authorization and compliance efforts
Requirements
- Active DoD Secret security clearance
- Bachelor's degree in cybersecurity, information technology, or related field with 10+ years of experience; or 18+ years of relevant cybersecurity/IT experience in lieu of a degree.
- DoD Manual 8140.03 (formerly 8570.01)-compliant certification (e.g., Security+, CISSP, CASP+/SecurityX)
- Demonstrated experience performing RMF activities as an ISSO/ISSM/SME, including ATO process support and RMF package development (Security Plans, POA&Ms, architecture diagrams, system security policies, etc.)
- Demonstrated experience assessing and documenting NIST SP 800-53 controls
- Experience using Microsoft Office applications: Word, PowerPoint, Excel, and SharePoint
Preferred Qualifications:
- Experience using eMASS or equivalent compliance-tracking application
- Experience supporting RMF processes under DHA
- Familiarity with ACAS and DISA STIGs/SRGs and tools such as STIG Viewer and SCAP Compliance Checker
- Familiarity with Continuous Monitoring and Risk Scoring (CMRS)
- Experience using Microsoft Project to build Integrated Master Schedules (IMS)
Benefits & conditions
$129,300 - $194,000 a year
AD&D insurance, Health insurance, 401(k) matching, Paid time off, Vision insurance, Dental insurance, Flexible spending account, Life insurance
Full-time
Day shift, Compensation: $129,300.00 - $194,000.00. The salary range posted is based on the national average. The offered rate will be based on the selected candidate's location, knowledge, skills, abilities, and/or experience, contract affordability, and in consideration of internal parity., KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule. We support career advancement through professional training and development.