Information System Security Engineer/RMF Analyst/Technical Writer (15.28)

Information System Security Engineer / RMF Analyst / Technical Writer

OCT Consulting is a business management and technology consulting firm that provides support to Federal Government clients. We provide consulting services in the areas of Strategy, Process Improvement, Change Management, Program and Project Management, Acquisition/Procurement, and Information Technology.

Responsibilities and Duties

OCT currently has an opening for an Information System Security Engineer / RMF Analyst /Technical Writer to work with our federal client. This hybrid role may require some onsite presence as the client desires for meetings and system support.

This position is contingent upon contract award.

Day to day responsibilities include:

● Serve as ISSE supporting USAFA systems, providing subject matter expertise in system security engineering, RMF execution, and technical documentation.

● Act as the technical lead for system security architecture and control implementation strategies, advising system owners and engineering teams on secure design in alignment with NIST SP 800-53 Rev. 5 and DoD guidance.

● Capture, refine, and document IT system requirements, ensuring integration of security requirements throughout the system development lifecycle.

● Identify and document mission-critical assets and information that require protection, contributing to risk assessments and architectural recommendations.

● Perform and maintain system-level risk assessments that support authorization decisions and inform residual risk determinations.

● Lead the technical portions of RMF Step 2 (Categorize) and Step 3 (Select), using NIST SP 800-60 and FIPS 199 to guide impact level determination and initial control tailoring.

● Support the development and maintenance of the System Security Plan (SSP), ensuring all technical controls are clearly defined with planned inputs, expected behaviors, and functional outcomes.

● Contribute to the assembly of the full RMF Security Authorization Package, including the SSP, Security Assessment Report (SAR), POA&M, risk statements, and briefing materials for the Authorizing Official (AO).

● Develop and update required RMF and system documentation including:

o Monitoring Strategy Document

o POA&M and SSP updates

o System Security Plan Analysis

o Security Categorization Review

o Security Plan Approval Recommendation Letter

o SAR with vulnerability assessment results

o Issue Resolution and Remediation Status Reports

o Residual Risk Statements for Risk Acceptance Recommendations

o Presentation briefings and meeting support documents

● Collaborate with ISSMs, ISSOs, SCARs, and system owners to gather evidence, produce high-quality deliverables, and ensure traceability of control implementation and assessment results.

● Author, edit, and standardize RMF documentation to ensure clarity, completeness, and consistency across systems, adhering to DoD, AFMAN, and USAFA-specific templates and quality standards.

● Maintain alignment between documentation and actual system behavior, identifying gaps or noncompliance early and supporting remediation planning.

● Provide peer review, formatting, and compliance support across all cybersecurity deliverables, including SOPs, policies, and authorization artifacts.

● Serve as the central resource for maintaining documentation readiness in eMASS, ensuring system artifacts are current, correctly linked, and audit ready.

Requirements

Qualifications/Requirements

● Must be a U.S. Citizen

● Required Certifications: CISSP-ISSEP or CISM + RMF/FISMA background

● Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution preferred

● At least three years of relevant work experience preferably as an ISSE within the United States Air Force (USAF) or a similar environment

● Must have experience with NIST SP 800-37 Rev. 2, SP 800-53 Rev. 5, SP 800-60, FIPS 199/200, system risk assessments, eMASS, FedRAMP, AFI 17-101

● Must have Active Tier 3 (or higher) security clearance

● Proximity to USAF Academy, CO 80840 a plus

Benefits

Benefits

OCT offers competitive compensation packages and a full suite of benefits which includes:

● Medical, Dental, and Vision insurance

● Retirement savings 401K plan provided by an industry leading provider with 3%

employer contributions of the employee’s gross salary

● Paid Time Off and Standard Government Holidays

● Life Insurance, Short- and Long-Term disability benefits

● Training Benefits

Salary Range:  $50,000- $250,000 yearly commensurate with experience, education, etc.

About OCT Consulting

OCT Consulting LLC is a minority-owned, Small ​Disadvantaged Business (SDB) providing professional services and information technology solutions to the Federal government and commercial clients. Founded in 2013, we bring the advantage of agility in operations along with a management team with a track record of leading successful engagements at major Federal

government agencies.

At OCT, we are committed to ensuring equal opportunity for all individuals, recognizing that merit and qualifications are the foundation of our hiring, promotion, and development practices. We believe in creating a work environment where employees can thrive based on their abilities, skills, and achievements. Our practices ensure fair treatment and equal access to opportunities for all, regardless of race, ethnicity, gender, sexual orientation, age, abilities, or other personal characteristics. We are dedicated to providing career growth and professional development based on individual merit and fostering a workplace where everyone’s contributions are valued and recognized.