Talent.com
Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)
Foxhole Technology • Washington, DC, United States
2 days ago
Job type
  • Full-time
Job description

Job Locations : US-DC

Job ID : 2025-2027

Category : Information Technology

Type : Regular Full-Time

Clearance Required : Top Secret / SCI Capability

Overview

Title : Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Location : Washington D.C. (Hybrid)

Clearance : Top Secret with SCI Eligibility

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

We are seeking a talented Test & Evaluation SME with hands-on experience focusing on the Cybersecurity Risk Management Construct (CSRMC) within federal government environments.

Job Description

The Test & Evaluation SME plays a critical role in enabling the Department of War's CSRMC initiative by providing deep expertise in testing, evaluating, and validating cybersecurity controls and risk-management processes associated with systems authorized under the legacy Risk Management Framework (RMF) and transitioning into the CSRMC lifecycle. This individual will lead or advise on test planning, execution, independent verification, and validation of security, resiliency, survivability, and continuous monitoring activities. They will partner with system owners, developers, cybersecurity engineers, authorizing officials (AOs), and program test teams to ensure systems meet evolving risk posture, mission assurance, and cybersecurity requirements consistent with the CSRMC's five-phase lifecycle (Design, Build, Test, Onboard, Operations) and ten foundational tenets (Automation, Critical Controls, Continuous Monitoring, DevSecOps, Cyber Survivability, Training, Enterprise Services & Inheritance, Operationalization, Reciprocity, Cybersecurity Assessments).

  • Serve as the SME for cybersecurity test & evaluation (T&E) activities associated with RMF / CSRMC-governed systems - including defining test strategies, planning assessment events, coordinating independent verification and validation (IV&V), and integrating security testing into the system lifecycle.
  • Develop and / or review test artifacts (e.g., Test & Evaluation Master Plan (TEMP) segments, T&E event plans, cybersecurity test plans, threat-informed test scenarios, penetration test / Red Team inputs, vulnerability assessment results, system stress / failover / resiliency tests) tailored to CSRMC requirements.
  • Ensure testing covers critical controls, cyber-survivability metrics, and continuous monitoring capabilities - validating that controls are implemented correctly, operating as intended, and achieving desired mission outcomes (akin to the RMF "Assess" step) but aligned with CSRMC's dynamic operational posture.
  • Lead or interface with assessment teams (including system owner, developer, cybersecurity engineering, test-eval, ISSM / ISSO) to execute security control assessments, Red / Blue Team exercises, resilience testing in contested environments, and continuous monitoring verification.
  • Analyze test results and findings, produce Test Reports, provide recommendations for corrective actions (Plans of Action & Milestones (POA&Ms) where applicable), track remediation status, and provide visibility to Authorizing Officials (AOs) and cybersecurity leadership.
  • Support authority-to-operate (ATO / ATO-equivalent) decisions by providing test evidence, risk-based assessments of control implementation, system vulnerabilities, and threat-informed scenario outcomes.
  • Facilitate integration of T&E activities into DevSecOps pipelines, system development, and deployment workflows to meet CSRMC's emphasis on automation, continuous verification, and operational readiness.
  • Provide subject-matter advice on T&E methodologies, toolsets, and techniques (including automated scanning, STIG / SCAP compliance tools, threat-informed testing, and mission-based T&E) to enhance cybersecurity posture and support program test communities.
  • Mentor, coach, or assist less-experienced cybersecurity / test staff, and contribute to refining organizational test processes, templates, and best practices for RMF / CSRMC alignment.
  • Stay abreast of evolving DoW cybersecurity policy, guidance, and test & evaluation standards (e.g., DoDI 8510.01, NIST SP 800-37, T&E Guidebooks) and ensure test activities reflect current requirements.

Performance Metrics :

  • Timely completion of cybersecurity test plans, test execution events, and deliverables in alignment with system milestones.
  • Quality and relevance of test findings : percentage of critical / major deficiencies identified and remediated, effectiveness of corrective actions.
  • Ability to support systems achieving ATO or equivalent authorization in alignment with CSRMC timelines.
  • Integration of test results into continuous monitoring and operational dashboards, supporting the "real-time" posture envisioned in CSRMC.
  • Stakeholder satisfaction : responsiveness, clarity of communications, guidance provided to test and program teams, support of warfighter needs.
  • Contribution to process improvement : development of reusable test templates, automation of test workflows, and embedding T&E into DevSecOps pipelines.

Minimum Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related discipline (or equivalent relevant experience).
  • Minimum of 15 years of cybersecurity and / or test & evaluation experience within the DoW, defense industry, or equivalent mission-critical environment.
  • Must hold (or be eligible to obtain) a DoW Top Secret or higher security clearance.
  • At least 5 years of direct experience in test & evaluation of cybersecurity controls, system authorizations, or RMF / A&A activities in a DoW or Government context.
  • Demonstrated experience planning and executing cybersecurity test events (control assessments, penetration testing, resiliency tests, vulnerability scanning, threat-informed scenario testing) for complex systems, with documented results and remediation tracking.
  • Strong familiarity with the RMF process (Steps : Categorize, Select, Implement, Assess, Authorize, Monitor) and associated artifacts (SSP, SAR, POA&Ms) for DoW systems.
  • Knowledge / experience of the CSRMC initiative or ability to rapidly adapt to it - including understanding of continuous monitoring, automation, cyber-survivability, DevSecOps integration, and the five-phase lifecycle.
  • Strong analytical, problem-solving, and risk-based thinking skills - capable of assessing security posture, communicating test findings, supporting risk decisions, and advising senior leadership.
  • Excellent communication (verbal and written), coordination, and stakeholder engagement skills - able to work across program management, system engineering, cybersecurity, test & evaluation, operations, and authorizing officials.

Desired Experience / Certifications

  • Professional cybersecurity certifications such as CISSP, CISM, CAP, CEH, or equivalent; and / or test & evaluation credentials are strongly preferred.
  • Advanced degree in cybersecurity, engineering, or related discipline.
  • Experience working in contested, mission-critical, or warfighter-embedded environments (air, land, sea, space, cyberspace).
  • Familiarity with test & evaluation infrastructure / tools and frameworks (e.g., automated scanning tools [ACAS, Nessus], STIG / SCAP compliance, threat-informed test frameworks, resilience / failover testing).
  • Experience working with DevSecOps pipelines, continuous integration / continuous deployment (CI / CD) tools, and embedding security testing into agile development workflows.
  • Prior experience working with DoD programs migrating from RMF to CSRMC or similar risk models (or large-scale cybersecurity transformation initiatives).

More Information

    At Foxhole Technology, we are committed to pay transparency as required by law, for our applicants and employee-owners. The salary range for this position is $195,000-220,000. Actual compensation will be determined based on a number of factors as permitted by law.

    Foxhole Technology offers a competitive benefits package for our employees and their dependents, including health, dental, and vision care, paid leave, retirement plans (401K, Roth, and ESOP), life and disability insurance, flexible spending accounts, and education and training assistance.

    Requirements of position : Think analytically, effective verbal and written communication skills, make decisions, observe / remember details, interpret data, concentrate on tasks, adjust to change, handle stress / emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard / type, handle confidential information, use math / calculations, stay organized, operate office equipment, may direct others. May be exposed to dust / dirt, humidity, and noise.

    Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military / veteran status, or any other protected class.
