Cyber RMF Lead
Core4ce is seeking a Cybersecurity Risk Management Framework (RMF) Lead who will serve as the senior authority for all RMF activities across a large Defense Health Agency (DHA) program. This role provides leadership, oversight, and technical expertise to ensure compliance for one of DHA’s largest commercial and on-premises cloud platforms, spanning Amazon Web Services (AWS), Microsoft Azure, Oracle Cloud Infrastructure (OCI), and additional Department of Defense (DoD)-approved providers. The Cyber RMF Lead will manage the full RMF lifecycle, from initial categorization through continuous monitoring, while coordinating across engineering, security, and Government stakeholders to maintain Authority to Operate (ATO) status and advance DHA’s cloud modernization mission.
Responsibilities
- Lead all RMF efforts ensuring compliance with DoD, DHA, and the National Institute of Standards and Technology (NIST) Special Publication 800-53 standards.
- Oversee preparation, submission, and maintenance of System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports, and Enterprise Mission Assurance Support Service (eMASS) records.
- Coordinate RMF activities across multiple hosting environments, including AWS, Microsoft Azure, Oracle Cloud, and on-prem datacenter infrastructure.
- Serve as the primary liaison with DHA Authorizing Officials (AOs), Security Control Assessors (SCAs), and cybersecurity leadership.
- Guide engineering and operations teams to ensure that platform architectures and configurations align with RMF control requirements.
- Support continuous monitoring by overseeing vulnerability management, security control validation, and audit readiness.
- At least one relevant industry certification such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Cloud Security Professional (CCSP), AWS Certified Cloud Practitioner, Project Management Institute – Agile Certified Practitioner (PMI-ACP), VMware Certified Associate – Cloud (VCA-C), VMware Certified Associate – Data Center Virtualization (VCA-DCV), Cloud Security Alliance Certificate of Cloud Security Knowledge (CCSK).
Required Qualifications
- Active DoD Secret clearance (or ability to obtain and maintain).
- Bachelor’s degree in Cybersecurity, Information Systems, or related field (or equivalent experience).
- 10+ years of professional experience in cybersecurity, with 5+ years focused on RMF leadership.
- In-depth understanding of NIST Special Publication 800-53, DoDI 8510.01 (RMF for DoD IT), Security Technical Implementation Guides (STIGs), and Defense Information Systems Agency (DISA) Security Requirements Guides (SRGs).
- Hands-on experience securing and accrediting cloud platforms (AWS GovCloud, Azure Government, Oracle Cloud, and hybrid/on-premises architectures).
- Proven track record of obtaining and maintaining Authority to Operate (ATO) in complex DoD or DHA environments.
- Strong background in security documentation management, including eMASS workflows.
Preferred Qualifications
- At least one relevant industry certification such as Project Management Institute - Project Management Professional (PMI-PMP) or similar certification.
- Prior experience in DHA or broader DoD healthcare IT programs.
- Familiarity with Development, Security, and Operations (DevSecOps) practices and integration of RMF compliance into Continuous Integration/Continuous Deployment (CI/CD) pipelines.
Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.
We offer:
- 401(k) with 100% company match on the first 6% deferred, with immediate vesting
- Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
- Unlimited access to training and certifications, with no pre-set cap on eligible professional development
- Tuition assistance for job-related degrees and courses
- Paid parental leave, PTO that grows with tenure, and generous holiday schedules
- Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
Join us to build a career that matters—supported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.