Engineer supporting secure development lifecycle processes for product lines in the energy sector. Collaborating with R&D on security requirements and compliance audits.
About the role
- Senior Cybersecurity Documentation Specialist managing Risk Management Framework initiatives for Leidos. Supporting cybersecurity documentation and compliance activities across departments with a focus on national security.
Responsibilities
- Lead Risk Management Framework (RMF) initiatives for Cross Domain Enterprise Services (CDES).
- Support the Multi-Security Level Integration and Test Facility (MSL-ITF) by providing detailed system requirements and continuous monitoring updates.
- Manage and maintain CDES and MSL-ITF Enterprise Mission Assurance Support Service (eMASS) packages.
- Implement tracking and remediation processes to improve vulnerability management timelines.
- Strengthen the overall security posture of the systems.
- Provide compliance insights to the Information System Security Manager (ISSM).
- Conduct regular audits and assessments to ensure compliance with DoD cybersecurity standards.
- Develop and maintain documentation for cybersecurity policies, procedures, and guidelines.
- Collaborate with cross-functional teams to ensure cybersecurity requirements are integrated into all phases of the system lifecycle.
- Ensure accuracy across Plans of Action and Milestones (POA&Ms), Assured Compliance Assessment Solution (ACAS) results, and Security Technical Implementation Guides (STIGs).
- Develop, review, and maintain cybersecurity documentation required for RMF authorization packages (e.g., SSPs, POA&Ms, SARs, policies, and procedures).
- Prepare and maintain Body of Evidence (BOE) artifacts supporting system authorization and continuous monitoring activities.
- Collect and organize BOE results generated by the software team as part of their DevSecOps process.
- Publish, organize, and maintain BOE results in a Government-approved system (such as eMASS or Xacta).
- Ensure cybersecurity documentation aligns with NIST SP 800-53, RMF, and DoD cybersecurity requirements.
- Validate accuracy and completeness of documentation within GRC tools (e.g., eMASS or equivalent).
- Support continuous monitoring documentation updates reflecting system changes, vulnerabilities, and remediation efforts.
- Collaborate with ISSOs, ISSMs, system engineers, DevSecOps teams, and cybersecurity personnel to collect and validate required documentation inputs.
- Support preparation for audits, inspections, and cybersecurity assessments by ensuring documentation readiness and traceability.
- Track and manage documentation updates related to system changes, configuration updates, and security control implementations.
- Develop standard templates, processes, and best practices for cybersecurity documentation management.
- Analyze compliance gaps and support remediation tracking and reporting.
- Support data calls, assessment activities, and RMF lifecycle processes (including Step 0 and ongoing authorization support).
- Prepare reports and documentation to support Government risk-based decision making.
- Participate in SAFe ceremonies including PI Planning, backlog refinement, sprint reviews, and retrospectives.
Requirements
- Active Top Secret (TS) clearance with SCI eligibility.
- Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, Information Systems, Engineering, or related technical discipline OR equivalent training/experience aligned to DoD 8140 pathways.
- 8–12 years of relevant experience supporting cybersecurity documentation, RMF, or compliance activities.
- Minimum of 5 years of experience in cybersecurity documentation and RMF processes.
- At least one of the following foundational qualification pathways consistent with DoD 8140 requirements: Current DoD 8570/8140 baseline certification appropriate for Intermediate Cyber Defense Analyst roles (e.g., CySA+, GCDA, GCIH, or equivalent), Offerings listed in the DoD 8140 Training Repository, Demonstrated equivalent training and experience qualifying under DoD 8140 foundational qualification alternatives.
- Ability to generate, prepare, store, and maintain cybersecurity BOE results.
- Experience in vulnerability management and remediation processes.
- Experience developing and maintaining RMF documentation (e.g., SSPs, POA&Ms, BOE artifacts).
- Experience supporting continuous monitoring and cybersecurity compliance processes.
- Experience working with GRC tools such as eMASS or equivalent.
- Experience supporting cybersecurity audits, inspections, and authorization activities.
- Experience analyzing and applying cybersecurity standards (e.g., NIST SP 800-53, RMF).
- Experience operating within SAFe or Agile frameworks supporting enterprise systems.
Benefits
- competitive compensation
- health and wellness programs
- income protection
- paid leave
- retirement
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Automation Oversight Engineer providing oversight of compliance in automated device configurations for Comcast Business. Managing configuration checks and reporting, ensuring reliable oversight and improvement strategies.
Principal Systems Engineer - Cybersecurity role in protecting our nation's products as part of Integrated Platform Solutions team. Develop solutions utilizing RMF, Anti - Tamper, Software Assurance, and more.
Agent de Sécurité assurant la sécurité des usagers du réseau de transport TBM. Rattaché au Manager de Proximité Sûreté, garantissant la qualité de service public de transport en commun.
Web and Remote Access Security Engineer managing secure remote connectivity solutions. Collaborating across security and networking domains to enable reliable access for global workforce.
Security Officer protecting patients, visitors, and staff at Shriners Hospital for Children in Sacramento. Engaging in various responsibilities related to safety and security on hospital property.
Senior IT Security Administrator supporting IT security operations at Uline. Collaborating with teams to develop security procedures and manage risks effectively.
Security Technician at Presbyterian Healthcare Services ensuring safety through patrols, incident response, and emergency preparedness. Responsibilities include monitoring risks and documenting activities efficiently.
Product Security Engineer at Junglee Games ensuring security is integrated into each stage of the software development lifecycle. Collaborate across teams and harden the security of products and platforms.
Senior Penetration Testing Analyst collaborating with DoD and other teams on cybersecurity solutions. Conducting penetration tests and assessments to enhance security across various environments.