Cybersecurity/Risk Management Framework (RMF) Subject Matter Expert (SME)

Clearance Level
Information Security
Fort Shafter, Hawaii

REQ#: RQ98741

Travel Required: None
Public Trust: None
Requisition Type: Regular

The GDIT Cybersecurity SME will:

  • Support the Information System Security Manager (ISSM) in requesting Authority to Connect (ATC) for new systems to be connected to production networks with a Change Request to the existing Risk Management Framework (RMF). 
  • Consistently communicate with the major Cybersecurity stakeholders of the project on a weekly basis on all RMF progress and barriers to current and future progress, in addition to copies of the constructed RMF artifacts.
  • Be responsible for all Cybersecurity actions (at a minimum, any Interim Authority to Test (IATT), Authority to Connect (ATC), and Authority to Operate using the security controls of CNSSI-1253), including life-cycle Cybersecurity maintenance of the system.
  • Conduct/Lead ad-hoc meetings to discuss all Cybersecurity matters with P2E Cybersecurity, the ICAN ISSM and anyone involved with this project (e.g., USARPAC, 311th SC(T), RCC-P, etc.), the GDIT PM and the government representatives.
  • Work with the GDIT Engineering team to ensure the engineering design for each new system incorporates Cybersecurity criteria for the system components in accordance with (IAW) applicable Army Regulations (ARs), DoD policy, and DISA STIGs
  • Support the Engineering team in developing a cyber-resilient system design and compliant baseline configuration for every type of device comprising the system
  • Document the Cybersecurity criteria and implementation plan for a cyber-resilient engineering design in the System Design Plan (SDP) and Engineering Implementation Plan (EIP). 
  • Develop, collect, and deliver Cybersecurity Artifacts to the ISSM to support entry into eMASS. (USG will coordinate to provide the Cybersecurity/RMF SME an eMASS Admin account). All Cybersecurity Artifact documents must meet the local ICAN ISSM required quality standards.
  • Ensure all IT systems are fully compliant with all cybersecurity requirements of the network infrastructure and Visual Information Systems (VIS). Each system will utilize a standardized baseline configuration.
  • Comply with the DoD RMF process and work with the local ICAN ISSM of that enclave, system, or network to comply with current DoD policy and Army Regulation for Cybersecurity certification and accreditation process requirements.
  • Submit a POA&M for the systems, to include identification of control vulnerabilities for Non-compliant Test Result findings and Not Applicable (N/A) findings.

Minimum Education:  A Bachelor’s degree in Computer Science or Information Systems, or equivalent experience.

Minimum Experience:  Recommend five (5) years’ experience with the DoD Cybersecurity/RMF process.

Minimum Certifications/Qualifications:  IAT/IAM Level 3 Certified IAW DoD 8570.01 (example:  CISSP)

Duty Location:  Fort Shafter, Hawaii, with some local telework allowed.

Clearance:  Secret clearance is required on day one. May need to be eligible for Top Secret in the near future.


We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.