Cybersecurity SME (RMF)

Company: Defense Unicorns
Location: Remote (USA)
Salary: $148,750—$201,250 USD
Travel: 10-15% (3-4 times per year)

Employer Information

• CONTRACTOR FOR THE U.S. GOVERNMENT. THIS POSITION WILL REQUIRE U.S. CITIZENSHIP.

Role Description

As a cybersecurity SME within Delivery at Defense Unicorns, you will own all aspects of the RMF process from accreditation of the platform for our mission heroes. You will champion modern, continuous security implementations within DoD environments and systems, aiming to accelerate the FedRamp and ATO process while improving our security posture. Your goal is to shift from security theater to responsive and resilient systems. While working within existing DoD processes, you will collaborate with engineers to find the best paths forward and contribute to mission capabilities and open-source solutions.

Responsibilities

• Lead and pathfind the effort to achieve accreditation in accordance with NIST-800 series requirements.
• Develop and implement cybersecurity policies, procedures, and controls necessary to meet FedRamp and DoD accreditation standards.
• Conduct comprehensive risk assessments and vulnerability analyses to identify potential security threats and mitigate risks.
• Collaborate with cross-functional teams (software developers, system architects, Government stakeholders) to integrate cybersecurity measures into the software development lifecycle.
• Perform security testing and evaluation of our software platform (STIGs, ACAS, CI/CD security testing, etc.) to identify vulnerabilities and weaknesses.
• Provide guidance and support for continuous monitoring and maintenance of cybersecurity controls.
• Prepare and maintain documentation for the accreditation process, including System Security Plans (SSPs), Security Assessment Reports (SARs), and other relevant artifacts.
• Stay up-to-date with evolving cybersecurity threats, technologies, and regulations.
• Serve as a subject matter expert on cybersecurity best practices, standards, and procedures.
• Support automated Compliance-as-Code capabilities that continuously evaluate the cybersecurity posture of the tech stack.

Note: The listed responsibilities are not exhaustive and additional responsibilities may be assigned.

Preferred Experience and Qualifications

• Proven experience in cybersecurity engineering, with a focus on achieving accreditation for software systems within the DoD environment.
• Proven track record of thinking outside the box and pushing the boundaries of the RMF/FedRamp/ATO status quo.
• In-depth knowledge of NIST-800 series standards, particularly NIST-800-53, and experience applying them for accreditation.
• Skilled at translating technical implementation (IaC, CoC) into verifiable eMASS security control responses for Approving Officials.
• Strong understanding of cybersecurity principles, technologies, and best practices (encryption, authentication, access control, secure coding).
• Hands-on experience with security assessment tools and techniques (vulnerability scanning, security analysis).
• Familiarity with Agile and DevSecOps methodologies.
• Excellent analytical and problem-solving skills.
• Effective communication and interpersonal skills, with the ability to collaborate and communicate technical concepts to non-technical stakeholders.
• Eligibility to obtain and maintain a DoD security clearance.
• Eligibility to obtain and maintain privileged access in a Government Cloud Environment.

Desired Experience

• Experience building and supporting platform authorizations for FedRamp High.
• Experience building and supporting continuous authority to operate (cATO) packages within the DoD.
• Experience with Open Security Controls Assessment Language (OSCAL).
• Ability to use OSCAL to manage control implementation and statements as “compliance as code.”
• Understanding of how products and deployments affect the OSCAL lifecycle.
• Familiarity with Department of the Air Force (DAF) security approval processes (AFI 17-101).
• Familiarity with DAF Gov Cloud offerings and inherited controls.
• Familiarity with the Cloud Computing Security Requirements Guide (CCSRG).
• Experience working in a remote team or asynchronous work environment.

Who We Are

Defense Unicorns delivers mission value by streamlining software delivery. We share a vision of freedom and security for progress and innovation, committed to speed, user experience, and optionality without compromising security. Our team comprises innovators, software engineers, and veterans with extensive experience in federal technology programs.

What We Do

We create and deliver secure solutions for continuous software integration and delivery, consolidating best practices for security pipelines, testing, and deployment automation. Our solutions are agnostic, aiming to improve the security and consumability of commercial software products for enterprise customers.

What We Work On

• Kubernetes
• Cloud Environments (AWS/GCP and Azure)
• Infrastructure-as-code (Terraform/Pulumi)
• Continuous Delivery and automation tooling
• GitOps
• Containers
• CNCF projects and open-source products
• Helm/Kustomize-Value Stream Mapping
• Building and improving security delivery
• Building Kubernetes and cloud-native applications

Benefits Our Unicorns Enjoy

Health:

• Medical/Dental/Vision (100% Company Paid Premiums)
• Health Savings Account
• Life Insurance
• Disability Insurance

Financial:

• 401k Retirement Plan
• Company Stock Options
• Home Office Budget

Leave:

• Flexible Time Off (FTO) + Federal Holidays, Thanksgiving week, Christmas/New Year's weeks.
• Paid Parental Leave

Learning:

• Reimbursement for approved trainings/subscriptions.
• Conferences (travel, lodging, and fees).

Equal Opportunity Employer

Defense Unicorns is an equal opportunity employer. We encourage applications from candidates who may not meet every listed qualification. We are committed to diversity and believe that diverse teams build better products.