RSCY Consultants, LLC

Cybersecurity Policy Writer with Security Clearance Job at RSCY Consultants, LLC

RSCY Consultants, LLC, Herndon, VA, US

ISSO

Location: Herndon, Virginia
Clearance: TS/SCI with ability to obtain an SCI and pass a Poly
Salary: $112,000 - $179,000
Certification: DoD 8570 Baseline Certification (e.g., Security+, CISSP)

Seeking a highly skilled Information Assurance/Security Engineer to support Assessment & Authorization (A&A) and cybersecurity operations across multiple mission systems. This position requires a professional with hands-on expertise in the Risk Management Framework (RMF), information system security planning, and continuous monitoring in secure government environments.

Key Responsibilities

Design and implement security controls and safety measures in accordance with RMF (ICD 503, CNSSI-1253, NIST 800-37, NIST 800-53, etc.).
Lead A&A activities and produce comprehensive Information Assurance documentation across multiple systems and CLINs.
Author and maintain System Security Plans (SSPs) and supporting documentation within Xacta.
Develop Security Controls Traceability Matrices (SCTM) and Security Test Plans (STP).
Analyze system vulnerabilities, recommend mitigation strategies, and implement improvements.
Conduct log reviews, vulnerability analyses (e.g., ACAS, TwistLock, SonarQube), and apply DISA STIGs using STIG Viewer.
Create and manage Plan of Action and Milestones (POA&Ms) and work with engineers and PMs to address open findings.
Support continuous monitoring efforts and audit system usage.
Collaborate with development and architecture teams to identify, define, and satisfy security requirements.
Maintain situational awareness of network status and provide timely communications of anomalies or security events.

Required Qualifications

Bachelor's degree in Cybersecurity, Computer Science, or a related field coupled with 8+ years of experience supporting A&A and RMF-based documentation and processes (6+ years with MS; 12+ years in lieu of degree may be considered).
DoD 8570 Baseline Certification (e.g., Security+, CISSP).
Experience with RMF, Xacta, SIEM tools (e.g., Splunk), and vulnerability scanning.
Practical understanding of control testing and risk assessments.
Excellent analytical and problem-solving skills.
Willingness to work flexible hours if mission needs dictate.

Desired Qualifications

Experience with AWS or Google Cloud Platform cybersecurity practices.
Familiarity with Red Hat or CentOS Linux systems.
Prior experience working in a DevSecOps environment and toolchain.
Familiarity with agile development and CI/CD pipelines in secure settings.