We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
#alert
Back to search results
Remote New

Cybersecurity / Risk Management Framework (RMF) Lead

Applied Training Solutions
United States
Jul 06, 2026


Position: Cybersecurity / Risk Management Framework (RMF) Lead
Posted: 07/06/2026


Part-Time Cybersecurity / RMF Lead - Classified SaaS Integration

Position Summary

Applied Training Solutions is seeking a part-time Cybersecurity / Risk Management Framework (RMF) Lead to support the integration of a SaaS-based training and simulation product into a government classified network environment and the Joint Staff J7 Joint Live Virtual Constructive (JLVC) framework. This role will provide senior cybersecurity, compliance, and RMF expertise to guide the product through the Authority to Operate (ATO) process, coordinate with government cybersecurity stakeholders, and ensure the SaaS solution satisfies applicable DoD cybersecurity, information assurance, and classified network integration requirements.

The ideal candidate will have direct experience supporting RMF activities for DoD systems, cloud or SaaS environments, classified networks, and systems integrating with joint training, modeling and simulation, or operational networks. This is a part-time role requiring senior-level judgment, strong documentation skills, and the ability to coordinate across technical, programmatic, and government stakeholder teams.

Key Responsibilities

Lead and support the cybersecurity and RMF activities required to integrate a SaaS product into a government classified network environment.

Serve as the primary cybersecurity subject matter expert for the product's RMF package, ATO strategy, and classified network integration requirements.

Support development, review, and maintenance of RMF documentation, including the System Security Plan, security control implementation descriptions, hardware/software inventories, network diagrams, data flow diagrams, boundary diagrams, Plan of Action and Milestones, continuous monitoring strategy, and other required artifacts.

Map product architecture, hosting environment, user roles, data flows, interfaces, APIs, and system components to applicable NIST SP 800-53 security controls and DoD RMF requirements.

Coordinate with the technical team to identify cybersecurity design requirements, security control gaps, technical risks, and remediation actions necessary to support ATO approval.

Support integration planning with the Joint Staff J7 JLVC framework, including cybersecurity considerations related to system interfaces, data exchange, classified environment connectivity, identity and access management, logging, monitoring, and boundary protection.

Advise the program team on cybersecurity requirements associated with SaaS deployment, cloud hosting, containerized or virtualized environments, API-driven integration, classified enclave deployment, and government network connectivity.

Participate in cybersecurity working groups, technical interchange meetings, RMF reviews, ATO planning sessions, and coordination meetings with government cybersecurity personnel, ISSMs, ISSOs, Authorizing Official representatives, network owners, and JLVC technical stakeholders.

Assist with security control assessment preparation, evidence collection, vulnerability management, scan review, remediation planning, and responses to Security Control Assessor or government cyber review comments.

Support development of cybersecurity inputs for schedules, milestones, risk registers, implementation plans, test plans, deployment plans, and program briefings.

Advise leadership on RMF schedule risk, ATO dependencies, classified network integration constraints, and cybersecurity actions required to maintain program execution.

Required Qualifications

Minimum of 7 years of cybersecurity, information assurance, or RMF experience supporting DoD, federal, or classified information systems.

Demonstrated experience leading or materially supporting RMF packages for DoD systems, including preparation of ATO artifacts and coordination with ISSMs, ISSOs, security control assessors, or authorizing officials.

Strong working knowledge of RMF, NIST SP 800-37, NIST SP 800-53, DoD cybersecurity policy, vulnerability management, continuous monitoring, and control implementation documentation.

Experience supporting systems deployed into classified network environments, DoD enclaves, or restricted government networks.

Experience reviewing system architecture, network diagrams, data flows, software inventories, security boundaries, and technical implementation details for cybersecurity compliance.

Ability to translate technical system details into clear RMF documentation and security control narratives.

Ability to work directly with software engineers, system architects, DevSecOps personnel, program managers, and government cybersecurity stakeholders.

Strong written communication skills and ability to produce government-ready cybersecurity documentation.

U.S. citizenship required.

Active Secret clearance required; Top Secret or TS/SCI eligibility preferred.

Preferred Qualifications

Experience with Joint Staff J7, JLVC, joint training environments, modeling and simulation systems, or live/virtual/constructive training architectures.

Experience supporting SaaS, cloud-native, containerized, API-based, or microservices-based systems in a DoD environment.

Experience with classified cloud, IL5/IL6 environments, government-hosted enclaves, Cross Domain Solutions, or integration with DoD training networks.

Experience with eMASS or equivalent RMF tracking and documentation systems.

Experience supporting DISA STIG implementation, ACAS/Nessus scan review, SCAP results, POA&M management, and vulnerability remediation planning.

Experience with DevSecOps, CI/CD pipelines, secure software development, software supply chain security, and continuous monitoring for software-intensive systems.

Relevant certifications such as CISSP, CISM, Security+, CASP+, CAP, GSLC, or equivalent DoD 8140 / 8570 cybersecurity certifications.

Level of Effort

This is a part-time position. Anticipated support may range from approximately 10 to 20 hours per week depending on RMF schedule, ATO milestones, technical integration events, and government review cycles. Periods of increased support may be required during RMF package development, cybersecurity reviews, assessment preparation, vulnerability remediation, and classified network integration activities.

Work Location

Remote support is anticipated for most activities. Travel requirements will be coordinated in advance for Suffolk, Virginia.

Desired Candidate Profile

The successful candidate will be a senior cybersecurity professional who understands both the technical and procedural realities of moving a software product through RMF and into a classified government operating environment. The candidate must be able to identify practical cybersecurity solutions, guide the team through ATO requirements, communicate effectively with government cyber stakeholders, and help ensure the product can be securely integrated into the JLVC framework without unnecessary schedule delay or compliance risk.

Applied Training Solutions, LLC is a leading simulations company providing innovative systems, products, and solutions to government and commercial customers.

Applied Training Solutions, LLC is committed to hiring and retaining a diverse workforce. We are an Equal Opportunity Employer, making decisions without regard to race, color, religion, sex, national origin, age, veteran status, disability, or any other protected class. U.S. Citizenship is required for most positions.



Applied = 0

(web-77cf7d65c7-rcc7h)