Cybersecurity Engineer (RMF/A&A)

*Active Secret Clearance required for consideration*

Zachary Piper Solutions is currently seeking a Cybersecurity Engineer – RMF / A&A to support a critical DoD program based in San Diego, CA. This position is a full‑time, 100% onsite role. The Cybersecurity Engineer will serve as the primary cybersecurity resource overseeing all Risk Management Framework (RMF) and Assessment & Authorization (A&A) activities for a system’s Authority to Operate (ATO). This role is central to securing government systems and ensuring all cybersecurity requirements, controls, and documentation meet Navy and DoD standards.

As a Cybersecurity Engineer, you will independently drive the full ATO lifecycle—developing and maintaining RMF artifacts, managing eMASS packages, validating security controls, and interfacing directly with government cybersecurity stakeholders.

Responsibilities:

Primary RMF / A&A Execution

• Execute RMF activities in compliance with NIST SP 800‑37, DoDI 8510.01, and Navy RMF guidance.
• Develop, update, and maintain A&A artifacts including SSPs, SCTMs, POA&Ms, and supporting documentation.
• Manage and maintain eMASS packages through authorization and continuous monitoring.
• Coordinate with AOs, SCAs, ISSMs, ISSOs, and system engineers to meet ATO milestones.
• Prepare systems for ATO, ATO renewal, and interim authorization activities.
• Track RMF status, deliverables, and deadlines to ensure timely authorization.

Security Control Implementation & Validation

• Validate implementation of NIST SP 800‑53 security controls.
• Support and track DISA STIG implementation and remediation efforts.
• Review system configurations, architecture diagrams, and data flows for compliance.
• Analyze ACAS, SCAP, and similar vulnerability scan results and document corrective actions.
• Maintain accurate, actionable POA&Ms.

Continuous Monitoring & Risk Management

• Develop and maintain continuous monitoring strategies and documentation.
• Track cybersecurity posture and risk metrics for reporting to government stakeholders.
• Support impact analysis for system changes and configuration updates.
• Ensure compliance with enclave‑specific security requirements.

Collaboration & Advisory Support

• Provide cybersecurity guidance to system, network, and cloud engineers.
• Identify gaps and recommend risk mitigation strategies.
• Coordinate with enterprise cybersecurity teams for policy alignment and reach‑back support.
• Support audit readiness, inspections, and compliance reviews.

Requirements:

• 5+ years of experience supporting RMF and A&A processes in DoD environments
• Demonstrated experience independently managing eMASS packages
• Strong working knowledge of NIST SP 800‑53 security controls
• Experience supporting systems through full ATO lifecycle
• Ability to work independently with minimal supervision

Clearance:

• Active Secret clearance required

Certification (IAM Level II – one required):

• CASP+
• CAP
• CISM
• CISSP (or Associate)
• GSLC

Compensation:

• Salary Range: $130,000 – $140,000
• Benefits: Medical, Dental, Vision, 401(k), PTO, Sick Leave as required

This job opens for applications on 03/03/2026. Applications will be accepted for at least 30 days from the posting date.

#LI-CB1

#LI-ONSITE

Keywords: Cybersecurity, RMF, A&A, eMASS, NIST SP 800‑53, DISA STIG, ACAS, SCAP, ATO, Continuous Monitoring, DoD, Navy RMF, Cyber Risk Management, System Security Plan, POA&M, Security Control Assessment, Vulnerability Management, Information Assurance, ISSM, ISSO, Compliance, Security Engineering, Cyber Defense