Essnova Solutions, Inc.

Security, RMF Lead

Security / RMF Lead at Essnova Solutions ensuring federal information systems compliance and security posture. Managing system security plans and risk management framework implementation.

Posted 5/27/2026 • full-time • Remote • 🇺🇸 United States • Senior

Tech Stack

Tools & technologies
Cyber Security

About the role

Key responsibilities & impact
  • Maintain System Security Plans (SSPs) as living documents for all NCHS systems, ensuring timely updates after security-impacting changes.
  • Manage Plan of Action & Milestones (POA&Ms) with quarterly progress reviews, closure evidence, and remediation tracking.
  • Remediate vulnerabilities within mandated timelines, track findings through closure, and provide retesting evidence.
  • Prepare Authorization to Operate (ATO) packages—including SSPs, POA&M status, assessment results, and risk analysis—for Authorizing Official review.
  • Conduct annual security assessments of one-third-plus-key-controls using CSAM or equivalent tools.
  • Submit monthly authenticated vulnerability and application scan results by the fifth business day.
  • Coordinate among developers, system owners, and security staff, and liaise with CDC CSPO, NCHS SSPO, and CDC Enterprise Architects.
  • Follow CDC CSPO Change Management SOP, including security impact analysis for post-ATO changes.
  • Support implementation of the Risk Management Framework (RMF), FISMA compliance, and OMB directives.
  • Produce security-related EPLC artifacts for governance and stage-gate reviews.
  • Lead SSP development during the 30-day transition-in activation sequence and support SSP submission within 30 days of contract award.
  • Support PTA/PIA activities with CDC privacy officials.

Requirements

What you’ll need
  • Bachelor's degree in cybersecurity, information assurance, computer science, or a related field
  • 6+ years of federal information security experience applying NIST RMF (NIST SP 800-37)
  • Experience developing and maintaining SSPs, POA&Ms, and ATO packages for FIPS 199 Moderate or higher systems
  • Experience using vulnerability scanning results to track remediation to closure (including retesting evidence) in a federal environment
  • Hands-on experience with federal security management tools (CSAM and eMASS)
  • Working knowledge of NIST SP 800-53 Rev. 5 and NIST SP 800-53A
  • Knowledge of FISMA 2014 reporting and OMB security directives
  • Knowledge of Privacy Act and E-Government Act privacy provisions, including PTA/PIA processes
  • Experience coordinating with federal ISSOs/CISOs and security authorization officials
  • Active Tier 4 / High Risk / Public Trust Level 6+ clearance at proposal submission
  • Eligibility for HSPD-12/PIV
  • Availability to work during Eastern Time (ET) business hours

Benefits

Comp & perks
  • Medical, dental, and vision insurance
  • 401(k) with company match
  • Paid time off + federal holidays
  • Fast-track growth in a high-accountability culture

ATS Keywords

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
system security plans, plan of action & milestones, vulnerability remediation, authorization to operate packages, security assessments, risk management framework, federal information security, NIST RMF, NIST SP 800-53 Rev. 5, federal security management tools
Soft Skills
coordination, communication, leadership
Certifications
Bachelor's degree in cybersecurity, Tier 4 / High Risk / Public Trust Level 6+ clearance