Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Job Locations

US-DC

Job ID

2025-2027

Category

Information Technology

Type

Regular Full-Time

Clearance Required

Top Secret / SCI Capability

Overview

Title : Test & Evaluation SME-Cybersecurity Risk Management Construct (CSRMC)

Location : Washington D.C. (Hybrid)

Clearance : Top Secret with SCI Eligibility

Foxhole Technology provides robust cybersecurity and IT support capabilities for federal civilian and defense agencies. A recognized leader in navigating technology and security challenges, Foxhole delivers mission-focused innovations to answer evolving and complex needs. Our talented employee-owners provide agile, scalable services and solutions that solve operational gaps, operate critical systems, and protect and secure the enterprise - across the organization and around the world.

We are seeking a talented Test & Evaluation SME with hands-on experience focusing on Cybersecurity Risk Management Construct (CSRMC) within federal government environments.

Job Description

The Test & Evaluation SME plays a critical role in enabling the Department of War's CSRMC initiative by providing deep expertise in testing, evaluating, and validating cybersecurity controls and risk-management processes associated with systems authorized under the legacy RiskManagementFramework (RMF) and transitioning into the CSRMC lifecycle. This individual will lead or advise on test planning, execution, independent verification, and validation of security, resiliency, survivability, and continuous monitoring activities. They will partner with system owners, developers, cybersecurity engineers, authorizing officials (AOs), and program test teams to ensure systems meet evolving risk posture, mission assurance and cybersecurity requirements consistent with the CSRMC's five-phase lifecycle (Design Build Test Onboard Operations) and ten foundational tenets (Automation, Critical Controls, Continuous Monitoring, DevSecOps, Cyber Survivability, Training, Enterprise Services & Inheritance, Operationalization, Reciprocity, Cybersecurity Assessments).

Serve as the SME for cybersecurity test & evaluation (T&E) activities associated with RMF / CSRMC-governed systems - including defining test strategies, planning assessment events, coordinating independent verification and validation (IV&V), and integrating security testing into system lifecycle.

• Develop and / or review test artifacts (e.g., Test & Evaluation Master Plan (TEMP) segments, T&E event plans, cybersecurity test plans, threat-informed test scenarios, penetration test / Red Team inputs, vulnerability assessment results, system stress / failover / resiliency tests) tailored to CSRMC requirements.
• Ensure testing covers critical controls, cyber-survivability metrics, and continuous monitoring capabilities - validating that controls are implemented correctly, operating as intended, and achieving desired mission outcomes (akin to RMF "Assess" step) but aligned with CSRMC's dynamic operational posture.
• Lead or interface with assessment teams (including system owner, developer, cybersecurity engineering, test-eval, ISSM / ISSO) to execute security control assessments, Red / Blue Team exercises, resilience testing in contested environments, and continuous monitoring verification.
• Analyze test results and findings, produce Test Reports, provide recommendations for corrective actions (Plans of Action & Milestones (POA&Ms) where applicable), track remediation status, and provide visibility to Authorizing Officials (AOs) and cybersecurity leadership.
• Support authority-to-operate (ATO / ATO-equivalent) decisions by providing test evidence, risk-based assessments of control implementation, system vulnerabilities, and threat-informed scenario outcomes.
• Facilitate integration of T&E activities into DevSecOps pipelines, system development, and deployment workflows to meet CSRMC's emphasis on automation, continuous verification, and operational readiness.
• Provide subject-matter advice on T&E methodologies, toolsets, and techniques (including automated scanning, STIG / SCAP compliance tools, threat-informed testing, and mission-based T&E) to enhance cybersecurity posture and support program test communities.
• Mentor, coach, or assist less-experienced cybersecurity / test staff, and contribute to refining organizational test processes, templates, and best practices for RMF / CSRMC alignment.
• Stay abreast of evolving DoW cybersecurity policy, guidance, and test & evaluation standards (e.g., DoDI8510.01, NISTSP80037, T&E Guidebooks) and ensure test activities reflect current requirements.

Minimum Requirements

Desired Experience / Certifications

More Information

At Foxhole Technology, we are committed to pay transparency as required by law, for our applicants and employee-owners. The salary range for this position is $195,000-210,000. Actual compensation will be determined based on a number of factors as permitted by law.

Foxhole Technology offers a competitive benefits package for our employees and their dependents, including health, dental, and vision care, paid leave, retirement plans (401K, Roth, and ESOP), life and disability insurance, flexible spending accounts, and education and training assistance.

Requirements of position : Think analytically, effective verbal and written communication skills, make decisions, observe / remember details, interpret data, concentrate on tasks, adjust to change, handle stress / emotions. Regular attendance, maintain work schedule, attend meetings, meet deadlines, keyboard / type, handle confidential information, use math / calculations, stay organized, operate office equipment, may direct others. May be exposed to dust / dirt, humidity, and noise.

Foxhole Technology is an Equal Opportunity Employer and makes hiring decisions without regard to race, color, religion, sex (including pregnancy, childbirth and sexual orientation), national origin, age, disability, genetic information, military / veteran status, or any other protected class.

Need help finding the right job?

We can recommend jobs specifically for you!

Click here to get started.