RMF Engineer

Location: Suffolk, VA
Company: Innovatus Technology Consulting
Employment Type: Full‑Time
Clearance Requirement: Active or current DoD Secret Security Clearance (minimum)

Innovatus Technology Consulting is a Service‑Disabled Veteran‑Owned Small Business (SDVOSB) delivering mission‑critical IT, cybersecurity, and engineering solutions to Department of Defense and federal customers. With operations in Suffolk, VA, Innovatus supports complex, mission‑focused environments requiring strong cybersecurity governance and Risk Management Framework (RMF) compliance.

Innovatus Technology Consulting is seeking an experienced Risk Management Framework (RMF) Engineer to support system Assessment and Authorization (A&A) activities in accordance with DoD RMF and NIST requirements. The RMF Engineer will be responsible for developing, assessing, reviewing, and maintaining RMF documentation and authorization artifacts throughout the system lifecycle.

This role requires close collaboration with system engineers, cybersecurity personnel, and government stakeholders and includes periodic travel to support program needs.

For systems and components assigned to Innovatus engineers, the RMF Engineer will:

• Assist system and cybersecurity teams in identifying information types, system boundaries, and information flows to support accurate system categorization
• Develop, maintain, and update RMF documentation and required authorization artifacts
• Participate in and support technical and stakeholder collaboration meetings as required
• Provide artifact support and justification for the selection and implementation of applicable security controls
• Develop required documentation and diagrams, including:
  • System Security Plans (SSPs)
  • Contingency Plans (CPs)
  • Continuous Monitoring Strategies and supporting diagrams
• Support the assessment and evaluation of implemented security controls, working with engineering teams to identify gaps or deficiencies
• Assist in developing engineering change recommendations to achieve security control compliance when required
• Create security control test plans, conduct assessments, and evaluate test results for compliance
• Assist in identifying remediations and mitigations for assessment findings
• Conduct thorough final reviews of RMF artifacts, images, documentation, and evidence within eMASS prior to submission
• Support final authorization submissions and address approving authority feedback related to system risk, documentation, and testing results

• Up to 20% travel is required for this role
• Travel locations may include North Carolina, San Diego, CA, and Hawaii, based on program and customer needs

• Active or current DoD Secret Security Clearance
• Experience supporting DoD RMF processes and A&A activities
• Hands‑on experience developing RMF artifacts (SSPs, CPs, control evidence, test plans)
• Familiarity with NIST SP 800‑53, RMF steps, and authorization workflows
• Experience uploading, managing, and validating artifacts in eMASS
• Ability to work collaboratively with engineering, cybersecurity, and government stakeholders
• Strong written communication and technical documentation skills

• Experience supporting DoD research, development, or operational environments
• Experience performing security control testing and assessments
• Understanding of system engineering and configuration/change management
• DoD 8570/8140 certification (e.g., Security , CAP, CISSP)

• Mission‑focused DoD programs with real operational impact
• Supportive, veteran‑driven company culture
• Exposure to complex and evolving security environments
• Stable, long‑term federal work based in Suffolk, VA