Senior Security Consultant – DoD RMF & CMMC Implementation

About the OrganizationNow is a great time to join Redhorse Corporation. Redhorse specializes in developing and implementing creative strategies and solutions with private, state, and federal customers in the areas of cultural and environmental resources services, climate and energy change, information technology, and intelligence services. We are hiring creative, motivated, and talented people with a passion for doing what's right, what's smart, and what works.
About the RoleRedhorse is seeking a highly experienced Senior Security Consultant to play a crucial role in our growing cybersecurity practice. You will be a key player in guiding Redhorse project teams through the complexities of DoD Risk Management Framework (RMF) implementation and supporting our corporate CMMC compliance efforts. Your expertise will directly impact the success of our projects and help secure our clients' critical systems while contributing to Redhorse's continued growth and market leadership in the government technology space. This is a high-impact role where your contributions will directly benefit our clients’ mission success and enhance Redhorse's reputation as a trusted cybersecurity partner.

Key Responsibilities

• RMF Compliance & Implementation:
• Guide the implementation of the DoD Risk Management Framework (RMF) across multiple Redhorse projects, ensuring compliance with DoDI 8510.01, NIST SP 800-37, and NIST SP 800-53.
• Manage security control assessments and documentation, including System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M).
• Support Authorization to Operate (ATO) and related processes for DoD systems.
• CMMC Compliance & Implementation:
• Advise on the implementation of the Cybersecurity Maturity Model Certification (CMMC) requirements for DoD contractors and corporate networks.
• Perform gap analyses, risk assessments, and security audits to prepare the company for CMMC certification.
• Develop and execute remediation plans to align with CMMC Level 1–3+ controls.
• Assist in the development of CMMC policies, procedures, and training programs.
• Business Development & Client Engagement:
• Support proposal development, RFP responses, and whitepaper creation for cybersecurity services.
• Identify new business opportunities and expand service offerings in RMF and related cybersecurity solutions.
• Engage with clients to understand security needs and develop tailored cybersecurity strategies.
• Provide cybersecurity advisory services to leadership and stakeholders.

Required Experience/Clearance

• Strong knowledge of DoD RMF, NIST SP 800-37, NIST SP 800-53, FISMA, FedRAMP, and CNSSI 1253.
• Experience with network security concepts, including firewalls, IDS/IPS, SIEM, and endpoint security.
• Familiarity with CMMC Level 1-3+ requirements and compliance strategies.
• DoD 8570/8140 IAM/IAT Level II or III certification (e.g., CISSP, CISM, CAP, Security+ CE, CEH).
• Bachelor’s Degree in Cybersecurity, Information Security, Computer Science, or a related field (or equivalent experience).
• 20+ years of experience in cybersecurity consulting, RMF, network security, and compliance.
• Numerous successful ATO packages/approvals across multiple DoD impact levels.
• Experience in business development, proposal writing, and cybersecurity solution design.

Desired Experience

• Hands-on experience with security tools such as ACAS, Nessus, OpenVAS, STIGs, SCAP, Splunk, or ELK Stack.
• CMMC Certified Professional (CCP) or CMMC Certified Assessor (CCA) certification.
• Networking and security certifications (CCNA Security, CCNP Security, OSCP).
• Experience with cloud security architectures and implementation.

Equal Opportunity Employer/Veterans/Disabled  Accommodations:If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to access job openings or apply for a job on this site as a result of your disability. You can request reasonable accommodations by contacting Talent Acquisition at Talent-Acquisition@redhorsecorp.com Redhorse Corporation shall, in its discretion, modify or adjust the position to meet Redhorse’s changing needs.This job description is not a contract and may be adjusted as deemed appropriate in Redhorse’s sole discretion.