Applicant Login Principal Research Engineer VI S3 Apply now Job no: 503614 Department: Rotorcraft Systems Engineering Simulation Center Work type: Staff Full-time Exempt Location: Alabama Categories: Research - Engineering Purpose of the Position: The Risk Management Framework (RMF) Subject Matter Expert position is asenior-level role responsible for supporting the integration of security and riskmanagement activities throughout the lifecycle of technology systems,applications, platforms, and operational capabilities. This position will provideexpert guidance on the application of structured risk management processes tohelp ensure systems that receive, process, store, display, or transmit sensitiveinformation are developed, implemented, and sustained with appropriate securitycontrols and oversight.The RMF Subject Matter Expert will work closely with program managers, systemowners, technical teams, and organizational stakeholders to support systemcategorization, control selection, implementation, assessment, authorization, andcontinuous monitoring activities. This role will also support risk assessments,compliance documentation, security planning, and ongoing improvement oforganizational security posture.Duties/Responsibilities• Perform funded research and lead and support Risk Management Framework activities across the lifecycle of technology systems, applications, and operational capabilities.• Assist with the development, review, and maintenance of security documentation, including system security plans, assessment reports, plans of action and milestones, and related risk management artifacts.• Conduct risk assessments, gap analyses, and security control reviews to identify deficiencies and recommend mitigation strategies.• Support system categorization, security control selection and tailoring, control implementation, control assessment, and authorization activities.• Collaborate with program managers, system owners, security personnel, and technical teams to integrate security and risk management practices into the project planning and execution.• Support continuous monitoring activities and help maintain visibility into system risk, security posture, and required remediation actions.• Prepare reports, presentations, and other materials to communicate risk, compliance status, and recommendations to technical and non-technical stakeholders.• Provide guidance, training, and subject matter expertise on risk management processes, control implementation, and security best practices.• Work cooperatively and effectively with a variety of stakeholders while maintaining confidentiality regarding the information being processed, stored, or accessed.• Update knowledge and skills regularly through internal and external training while remaining current on evolving risk management, cybersecurity, and compliance practices.• Participate in special projects as assigned.• Perform other duties as assigned. Minimum Requirements: • Ph.D., preferably in Science, Engineering, or Business. A Bachelor's degree combined with relevant specialized experience may be considered in lieu of a Ph.D., 8–10 years of full-time professional experience, or an equivalent combination of education and experience.• 8 years of verifiable experience in cybersecurity compliance, risk management, security control implementation, or related governance and assessment activities.• Strong understanding of risk management lifecycle concepts, including system categorization, control selection, implementation, assessment, authorization, and continuous monitoring.• Experience developing and maintaining security documentation, such as system security plans, security assessment reports, and remediation tracking artifacts.• Ability to conduct risk assessments, identify gaps, and recommend practical mitigation strategies.• Excellent technical writing, communication, and stakeholder engagement skills.• Proven ability to collaborate across technical, operational, and leadership teams to support risk-informed decision-making.• Ability to obtain and maintain a Secret or Top Secret security clearance.• US citizenship is required Desired Qualifications: • PH.D in Cybersecurity, Engineering, Computer Science, Information Systems, Business Administration, or a related discipline• Professional certifications such as CISSP, CISM, CISA, ISSEP, or equivalent.• Experience delivering training, leading workshops, and mentoring junior staff.• Ability to support both project-based implementation efforts and long-term continuous monitoring activities.• Experience working in regulated, mission-critical, or highly controlled environments.• Experience with DevSecOps• Experience with UAS-specific hardware (or other safety-critical environments)• Experience with cybersecurity and software security design best practices• Flight testing experience Published Salary (if available): $179,221 - $192,559 Advertised: Mar 31 2026 Central Daylight Time Applications close: Back to search results Apply now Refer a friend Whatsapp Facebook LinkedIn Email App Send me jobs like these We will email you new jobs that match this search. Great, we can send you jobs like this, if this is your first time signing up, please check your inbox to confirm your subscription. The email address was invalid, please check for errors. You must agree to the privacy statement Subscribe Recaptcha Privacy agreement Search results Position Location Closes Principal Research Engineer VI S3 Alabama The Risk Management Framework (RMF) Subject Matter Expert position is a senior-level role responsible for supporting the integration of security and risk management activities throughout the lifecycle of technology systems, applications, platforms, and operational capabilities. This position will provide expert guidance on the application of structured risk management processes to help ensure systems that receive, process, store, display, or transmit sensitive information are developed, implemented, and sustained with appropriate security controls and oversight. The RMF Subject Matter Expert will work closely with program managers, system owners, technical teams, and organizational stakeholders to support system categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities. This role will also support risk assessments, compliance documentation, security planning, and ongoing improvement of organizational security posture. Expression of Interest Loading... Current Opportunities Position Location Closes Principal Research Engineer VI S3 Alabama The Risk Management Framework (RMF) Subject Matter Expert position is a senior-level role responsible for supporting the integration of security and risk management activities throughout the lifecycle of technology systems, applications, platforms, and operational capabilities. This position will provide expert guidance on the application of structured risk management processes to help ensure systems that receive, process, store, display, or transmit sensitive information are developed, implemented, and sustained with appropriate security controls and oversight. The RMF Subject Matter Expert will work closely with program managers, system owners, technical teams, and organizational stakeholders to support system categorization, control selection, implementation, assessment, authorization, and continuous monitoring activities. This role will also support risk assessments, compliance documentation, security planning, and ongoing improvement of organizational security posture. Powered by PageUp Please note, job openings are posted for a minimum of three (3) business days and may be removed from the job posting board and filled any time after the minimum posting period has ended. The University of Alabama in Huntsville is an equal opportunity employer (EOE), including an EOE of protected veterans and individuals with disabilities.