user avatar

Cyber RMF Lead

Core4ce

Today
Secret
Unspecified
Unspecified
IT - Software
Remote/Hybrid (Off-Site/Hybrid)
Core4ce is seeking a Cybersecurity Risk Management Framework (RMF) Lead that will serve as the senior authority for all RMF activities across a large Defense Health Agency (DHA) program. This role provides leadership, oversight, and technical expertise to ensure compliance for one of DHA's largest commercial and on-premises cloud platforms, spanning Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and additional Department of Defense (DoD)-approved providers. The Cyber RMF Lead will manage the full RMF lifecycle, from initial categorization through continuous monitoring, while coordinating across engineering, security, and Government stakeholders to maintain Authority to Operate (ATO) status and advance DHA's cloud modernization mission.

Responsibilities
  • Lead all RMF efforts ensuring compliance with DoD, DHA, and the National Institute of Standards and Technology (NIST) Special Publication 800-53 standards.
  • Oversee preparation, submission, and maintenance of System Security Plans (SSPs), Plan of Action and Milestones (POA&Ms), Security Assessment Reports, and Enterprise Mission Assurance Support Service (eMASS) records.
  • Coordinate RMF activities across multiple hosting environments, including AWS, Microsoft Azure, Oracle Cloud, and on-prem datacenter infrastructure.
  • Serve as the primary liaison with DHA Authorizing Officials (AOs), Security Control Assessors (SCAs), and cybersecurity leadership.
  • Guide engineering and operations teams to ensure that platform architectures and configurations align with RMF control requirements.
  • Support continuous monitoring by overseeing vulnerability management, security control validation, and audit readiness.
  • At least one relevant industry certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP), AWS Certified Cloud Practitioner, Project Management Institute - Agile Certified Practitioner (PMI-ACP), VMware Certified Associate - Cloud (VCA-C), VMware Certified Associate - Data Center Virtualization (VCA-DCV), Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK).


Required Qualifications
  • Active DoD Secret clearance (or ability to obtain and maintain).
  • Bachelor's degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
  • 10+ years of professional experience in cybersecurity, with 5+ years focused on RMF leadership.
  • In-depth understanding of NIST Special Publication 800-53, DoDI 8510.01 (RMF for DoD IT), Security Technical Implementation Guides (STIGs), and Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs).
  • Hands-on experience securing and accrediting cloud platforms (AWS GovCloud, Azure Government, Oracle Cloud, and hybrid/on-premises architectures).
  • Proven track record of obtaining and maintaining Authority to Operate (ATO) in complex DoD or DHA environments.
  • Strong background in security documentation management, including eMASS workflows.


Preferred Qualifications
  • At least one relevant industry certification such as Project Management Institute - Project Management Professional (PMI-PMP) or similar certification.
  • Prior experience in DHA or broader DoD healthcare IT programs.
  • Familiarity with Development, Security, and Operations (DevSecOps) practices and integration of RMF compliance into Continuous Integration/Continuous Deployment (CI/CD) pipelines.


Why Work for Us?

Core4ce is a team of innovators, self-starters, and critical thinkers-driven by a shared mission to strengthen national security and advance warfighting outcomes.

We offer:
  • 401(k) with 100% company match on the first 6% deferred, with immediate vesting
  • Comprehensive medical, dental, and vision coverage-employee portion paid 100% by Core4ce
  • Unlimited access to training and certifications, with no pre-set cap on eligible professional development
  • Tuition assistance for job-related degrees and courses
  • Paid parental leave, PTO that grows with tenure, and generous holiday schedules
  • Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.


Join us to build a career that matters-supported by a company that invests in you.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
group id: 10488887
N
Name HiddenRecruiter
Find Core4ce on Social Media
XXother imageOther
Network Employers
user avatar
About Us
Core4ce is a cybersecurity company that serves as a trusted partner to the national security community. We specialize in building, modernizing, and defending our nation’s digital infrastructure. We assemble highly experienced teams who counter global threats and design resilient networks, systems, and applications. We earn the respect of our partners by boldly investing in innovation and delivering on our commitments. By honing our expertise across four core disciplines – cyber operations, digital modernization, engineering, and analysis –we're developing solutions and delivering lasting mission advantage for our customers.
See Core4ce profile

Core4ce Jobs

Job Category
IT - Software
Clearance Level
Secret
Employer
Core4ce