ZipRecruiter

Log In

2

Remote Rmf Jobs (NOW HIRING)

DEFCON AI

Platform Security & RMF Lead

As the Platform Security & RMF Lead, you will own the authorization posture and platform-level ... A fully remote, results-based environment * Competitive salary, bonus, and equity package * 100 ...

Amyx, Inc.

RMF and Cybersecurity Lead

O Fallon, IL · On-site +1

This position will supports RMF compliance, cybersecurity operations, and continuous monitoring. * Primary Responsibilities will include: * Develops and maintains RMF artifacts (ATO/ATC, POA&Ms)

Concept Plus

Cybersecurity Policy & RMF Analyst

About the role Concept Plus is seeking a Cybersecurity Policy and RMF Analyst to provide Risk Management Support to identify shortfalls in the assessment and authorization process, track and manage ...

SNI Technology

Project Manager

Milwaukee, WI · Remote

$50 - $55/hr

Remote - Anywhere in the U.S. Travel: Occasional travel to Texas (approximately 2 times per year ... Monitor RMF/ATO compliance posture, vulnerability remediation activities, and Configuration Control ...

next page

Showing results 1-20

All JobsRmf JobsRemote Rmf Jobs

Remote Rmf information

See salary details

$29.5K

$94.9K

$170.5K

How much do remote rmf jobs pay per year?

As of Jun 15, 2026, the average yearly pay for remote rmf in the United States is $94,926.00, according to ZipRecruiter salary data. Most workers in this role earn between $49,500.00 and $127,500.00 per year, depending on experience, location, and employer.

What is a Remote RMF job?

A Remote RMF (Risk Management Framework) job involves managing cybersecurity risk and compliance for an organization while working remotely. Professionals in this role ensure that IT systems align with federal security standards, such as those outlined by NIST. Responsibilities may include conducting risk assessments, implementing security controls, and maintaining compliance documentation. Remote RMF specialists often work with government agencies, contractors, or private companies handling sensitive data. This position requires expertise in cybersecurity policies, risk management, and regulatory compliance.

What are the typical daily responsibilities of a Remote RMF Specialist?

As a Remote RMF Specialist, your daily responsibilities often include conducting security assessments, preparing and reviewing authorization packages, and ensuring ongoing compliance with federal information security standards. You'll collaborate with cross-functional teams to identify risks, develop mitigation strategies, and document security control implementations. Regular communication with stakeholders, participation in virtual meetings, and continual monitoring of systems and processes to ensure compliance are also core aspects of the job. This role leverages remote work tools to collaborate effectively with cybersecurity, IT, and compliance professionals across multiple locations.

What are the key skills and qualifications needed to thrive in the Remote Rmf position, and why are they important?

To thrive as a Remote RMF (Risk Management Framework) Specialist, you need a strong understanding of information security principles, federal risk management frameworks (such as NIST SP 800-37), and relevant cybersecurity policies, typically backed by a degree in information security or related field. Familiarity with security assessment tools, governance, risk, and compliance (GRC) software, as well as certifications like CISSP, CAP, or CISM, is highly valued. Excellent organizational skills, attention to detail, and the ability to communicate complex security concepts clearly are important soft skills. These capabilities are critical to ensure regulatory compliance and robust information system security in a remote work context.

More about Remote Rmf jobs
What cities are hiring for Remote Rmf jobs? Cities with the most Remote Rmf job openings:
What states have the most Remote Rmf jobs? States with the most job openings for Remote Rmf jobs include:
What job categories do people searching Remote Rmf jobs look for? The top searched job categories for Remote Rmf jobs are:
Remote Rmf jobs near you
Infographic showing various Remote Rmf job openings in the United States as of June 2026, with employment types broken down into 79% Full Time, 2% Part Time, and 19% Contract. Highlights an 100% Remote job distribution, with an average salary of $94,926 per year, or $45.6 per hour.

Platform Security & RMF Lead

DEFCON AI

Remote

Full-time

Medical, Dental, Vision, PTO

Posted 13 days ago

Job description

ABOUT DEFCON AI
RESILIENCE IN THE FACE OF DISRUPTION. DEFCON AI is an insights company that leverages artificial intelligence, mathematical optimization, data analytics, and software engineering for resilient optimization of complex systems.
In today's dynamically changing world, DEFCON AI's technology aligns outcomes with operational goals, better decision making, and empowers customers to anticipate assess, and mitigate the impacts of disruptions.
About the Role
This is a rare opportunity to define the security posture of a mission-critical DoW software platform from the ground up.
As the Platform Security & RMF Lead, you will own the authorization posture and platform-level security discipline for DEFCON AI's government-facing systems and integration platform. You are responsible for the full RMF lifecycle-from ATO strategy through continuous monitoring-and serve as the authoritative voice on whether the system is secure, compliant, and authorized to operate.
You will work closely with Architecture and DevSecOps leadership to define the security standards the platform must meet, while ensuring cross-domain data flows comply with classification and authorization requirements. This is a deeply specialized role requiring expert-level fluency in DoW security frameworks, RMF processes, and cleared-system environments.
This is asenior level role combining hands-on RMF execution with platform-wide security leadership. You will guide both government stakeholders and engineering teams through complex authorization, classification, and security decisions.
Key Responsibilities
ATO Strategy & RMF Ownership
  • Define and execute the ATO pathway, including responsibility allocation across government and contractor teams
  • Author and maintain RMF documentation (SSP, SAP, SCTM, ConMon) in accordance with DoWI 8510.01 and NIST 800-53
  • Coordinate with eMASS and Authorizing Officials on assessment and authorization activities
  • Lead continuous monitoring and reauthorization efforts across the system lifecycle

Cross-Domain Security & Classification Policy
  • Define security requirements for cross-domain data flows (IL-5, IL-6, tactical edge)
  • Evaluate and guide selection of DoW-approved cross-domain solutions
  • Ensure classification-aware data segmentation is enforceable, auditable, and aligned with policy (e.g., NOFORN, REL_TO, ORCON)
  • Review system architecture to ensure compliant handling of classified data flows

Multi-Enclave Security Architecture
  • Support secure operation across NIPR, SIPR, and higher classification environments
  • Define authorization approaches (inheritance vs. standalone ATOs) across enclaves
  • Ensure security posture scales without requiring fundamentally different architectures
  • Maintain alignment with evolving joint and service-level security requirements

Platform Security Advisory
  • Serve as the authoritative internal resource for DoW security and RMF-related questions
  • Advise on container security, RBAC, service mesh security, PKI/CAC integration, and secrets management
  • Define expectations for security scanning, container hardening, and vulnerability management (without owning the pipeline)
  • Evaluate new capabilities for security and authorization impacts prior to production deployment

Required Qualifications
  • 10+ years of information assurance or security engineering experience with increasing seniority
  • 5+ years of hands-on ownership of RMF / ATO packages for DoW production systems, including at least one full authorization cycle (categorization → controls → implementation → assessment → authorization → ConMon).
  • Deep familiarity with DoW security frameworks, RMF processes, and NIST 800-53 controls
  • Proven ability to operate in complex, multi-enclave or classified environment
  • US Citizenship Required
  • Active Secret Clearance
  • Willing to travel up to 25% for business needs

Preferred Qualifications
  • Active TS/SCI Clearance
  • Experience supporting USMC or Service-level network environments
  • Experience with ATO inheritance, reciprocity, or common control provider model
  • Experience with cross-domain solutions or multi-level security architectures
  • Familiarity with Palantir Foundry or Anduril Lattice environments
  • Prior experience as an ISSO, SCA, or in a similar senior DoW security role

What Success Looks Like
  • A clear ATO pathway is defined, approved by stakeholders, and actively progressing
  • RMF artifacts and compliance evidence are built into the delivery process-not created after the fact
  • Cross-domain data flows are secure by design, with classification policy embedded at the data level
  • The platform operates securely across multiple enclaves without requiring re-architecture at each level
  • Engineering teams proactively engage security early in design decisions
  • Government stakeholders view the system's security posture as credible, well-managed, and audit-ready

What We Offer:
  • A fully remote, results-based environment
  • Competitive salary, bonus, and equity package
  • 100% employer paid, comprehensive health insurance including medical, dental, and vision for you and your family
  • Unlimited PTO, with your manager's approval
  • Flexible work environment where you manage your work day
  • 14 weeks of fully-paid parental leave

Salary Range: $175,000-$215,000. This represents the typical salary range for this position based on experience, skills, and other factors.
We're an Equal Opportunity Employer: You'll receive consideration for employment without regard to race, sex, color, religion, sexual orientation, gender identity, national origin, protected veteran status, or on the basis of disability.
Applicant Data Disclosure
By submitting an application, you acknowledge that Defcon AI uses third-party service providers to facilitate its recruitment and hiring processes. These providers include applicant tracking systems, candidate verification platforms, and fraud detection tools (collectively, "Hiring Platforms"). Your application materials, including your résumé, cover letter, work samples, responses to application questions, and any other information you submit, may be transmitted to and processed by these Hiring Platforms for the following purposes:
  • Managing and administering your application throughout the hiring process;
  • Verifying the accuracy and authenticity of application materials, including by cross-referencing information you provide against publicly available sources and proprietary databases;
  • Identifying indicators of potentially fraudulent, fabricated, or materially misleading application content, including but not limited to discrepancies between submitted materials and publicly available professional profiles, geographic anomalies, and fabricated work histories.

Applications that are flagged through this process as containing indicators of fraud or material misrepresentation may be declined from further consideration. If you have questions about the status of your application or the evaluation process, please contact recruiting@defconai.com.
Defcon AI requires its Hiring Platform providers to process your information solely for the purposes described above and in accordance with applicable law. Your information will be retained only for as long as necessary to fulfill these purposes and any applicable legal obligations, after which it will be deleted in accordance with Defcon AI's data retention policies.
For more information about how your data is used, please refer to our Privacy Policy and Applicant Privacy Notice.

Apply