We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of cyber mission areas. OneZero full-time employees receive a highly competitive benefits package including health dental vision and life insurance a 401(k) with company matching paid time off and holidays an employee referral program and educational assistance.Additional details are available on our website: Title: Senior Security Risk Management (RMF) Engineer
Location: On-site in a SCIF in the National Capital Region (NCR) Nebraska Avenue Complex Washington DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours
Clearance: TS/SCI
Job Summary:
Leads Assessment & Authorization (A&A) risk management and continuous authorizations (cATO) activities to ensure system compliance and security posture across TS/SCI environments.
Education and Experience:
Bachelors degree in Cybersecurity or IT-related field or equivalent years of experience.
Minimum of 10 years of experience in performing Assessments and Authorizations (A&A) and Risk Management Framework (RMF) assessments.
Minimum 5 years of experience with evaluating and conducting A&A assessments of Cross Domain Solutions (CDS) systems to include High-Speed Guard (HSG) systems.
Preferred: Experience with Archer and Atlassian JIRA.
Demonstrated knowledge of Generative AI technologies DHS Gen AI pathways and solutions.
Expert knowledge of National Institute of Standards and Technology (NIST) 800-53 Security and Privacy Controls for Information Systems and Organizations.
Knowledge of NIST SP 800-207 Zero Trust Architecture NIST AI-600-1 Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile NIST Cybersecurity Framework (CSF) and the 18 main controls identified in the Center for Internet Security (CIS) Critical Security Controls.
Experience with classified systems and DHS/IC environments.
AWS CISSP certifications or comparable experience
Essential Duties:
Execute RMF lifecycle activities including categorization control selection and implementation assessment authorization and continuous monitoring.
Develop and maintain A&A/ATO documentation packages including SSPs SARs POA&Ms SOPs and reporting artifacts.
Perform risk assessments identify vulnerabilities and recommend mitigation and corrective action strategies.
Apply NIST RMF CNSSI 1253 and IC security frameworks to support ATO/ATC decision-making.
Coordinate with ISSOs system owners and Authorizing Officials to support authorization and compliance activities.
Develop specialized customer centric Gen AI guidelines for DHS I&A A&A Continuous Monitoring (ConMon) and Plan of Actions and Milestones (POA&M) to include CDS systems.
Collaborate with Archer to identify relevant RMF controls related to both Zero Trust and Gen AI and add controls for monitoring and reporting.
Coordinate with appropriate organizational stakeholders to ensure Zero Trust and Gen AI are both implemented broadly end-to-end across customer environments to include Information System Security Officer (ISSO) supported environments.
Work across government and industry to evaluate and shape RMF and CDS policy around Zero Trust Gen AI and related topics.
OneZero Solutions LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age pregnancy genetic information disability status as a protected veteran or any other protected category under applicable federal state and local laws.
To request an accommodation please contact us at or call .
Required Experience:
Senior IC
We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of ...
We are an employee-centric company that truly values our team members and the contributions they make to our customers and the missions they support. We pride ourselves on being forward-leaning thinkers and on building teams that are and continue to be technically proficient across a broad range of cyber mission areas. OneZero full-time employees receive a highly competitive benefits package including health dental vision and life insurance a 401(k) with company matching paid time off and holidays an employee referral program and educational assistance.Additional details are available on our website: Title: Senior Security Risk Management (RMF) Engineer
Location: On-site in a SCIF in the National Capital Region (NCR) Nebraska Avenue Complex Washington DC (work locations transitioning to ICCB Bethesda / St. Elizabeths). Telework is not authorized; a designated Key Person must be available on-site during core hours
Clearance: TS/SCI
Job Summary:
Leads Assessment & Authorization (A&A) risk management and continuous authorizations (cATO) activities to ensure system compliance and security posture across TS/SCI environments.
Education and Experience:
Bachelors degree in Cybersecurity or IT-related field or equivalent years of experience.
Minimum of 10 years of experience in performing Assessments and Authorizations (A&A) and Risk Management Framework (RMF) assessments.
Minimum 5 years of experience with evaluating and conducting A&A assessments of Cross Domain Solutions (CDS) systems to include High-Speed Guard (HSG) systems.
Preferred: Experience with Archer and Atlassian JIRA.
Demonstrated knowledge of Generative AI technologies DHS Gen AI pathways and solutions.
Expert knowledge of National Institute of Standards and Technology (NIST) 800-53 Security and Privacy Controls for Information Systems and Organizations.
Knowledge of NIST SP 800-207 Zero Trust Architecture NIST AI-600-1 Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile NIST Cybersecurity Framework (CSF) and the 18 main controls identified in the Center for Internet Security (CIS) Critical Security Controls.
Experience with classified systems and DHS/IC environments.
AWS CISSP certifications or comparable experience
Essential Duties:
Execute RMF lifecycle activities including categorization control selection and implementation assessment authorization and continuous monitoring.
Develop and maintain A&A/ATO documentation packages including SSPs SARs POA&Ms SOPs and reporting artifacts.
Perform risk assessments identify vulnerabilities and recommend mitigation and corrective action strategies.
Apply NIST RMF CNSSI 1253 and IC security frameworks to support ATO/ATC decision-making.
Coordinate with ISSOs system owners and Authorizing Officials to support authorization and compliance activities.
Develop specialized customer centric Gen AI guidelines for DHS I&A A&A Continuous Monitoring (ConMon) and Plan of Actions and Milestones (POA&M) to include CDS systems.
Collaborate with Archer to identify relevant RMF controls related to both Zero Trust and Gen AI and add controls for monitoring and reporting.
Coordinate with appropriate organizational stakeholders to ensure Zero Trust and Gen AI are both implemented broadly end-to-end across customer environments to include Information System Security Officer (ISSO) supported environments.
Work across government and industry to evaluate and shape RMF and CDS policy around Zero Trust Gen AI and related topics.
OneZero Solutions LLC is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity national origin age pregnancy genetic information disability status as a protected veteran or any other protected category under applicable federal state and local laws.
To request an accommodation please contact us at or call .