Risk Management Framework (RMF) Analyst - Top Secret ...
Cambridge International Systems Inc - Arlington, VA
Job Description
Risk Management Framework (RMF) Analyst - Top Secret Clearance | Norfolk, VA
Cambridge International Systems, Inc.

Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you'll work alongside top talent worldwide, tackling some of today's most complex and critical challenges in defense and security.

We are currently seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS clearance. This position is contingent upon contract award with an expected award date of January 2026.

What You'll Do

- Design and maintain enterprise and systems security throughout the development lifecycle in alignment with DoD and DoN RMF guidance.
- Conduct assessments of management, operational, and technical security controls to evaluate system compliance and risk posture.
- Maintain and update RMF and A&A documentation across the OPTEVFOR Cyber OT&E mission, including revisions in eMASS and DADMS.
- Create, validate, and revise cybersecurity SOPs, system security plans (SSPs), contingency plans, and privacy impact assessments.
- Review and maintain inventories of authorized software, GFE, ports, protocols, and circuit registrations (GIAP/SNAP).
- Execute annual RMF reviews and STIG validations on systems, identifying and recommending corrective actions for non-compliance.
- Support configuration audits, vulnerability scans, POA&Ms, SARs, test plans, and documentation of RMF lifecycle artifacts.
- Lead semi-annual tabletop exercises and review business impact analysis and disaster recovery plans for compliance.
- Serve on the Configuration Control Board (CCB), ensuring approved changes are reflected in security documentation.
- Provide technical reports on system scan results, cybersecurity compliance, and configuration management.
- Advise stakeholders on risk management, ATO strategy, and secure architecture to meet mission requirements.

What You'll Bring

Required Qualifications:

Education & Experience:

- Minimum 5 years of experience designing enterprise/system security throughout the development lifecycle.
- Minimum 3 years conducting assessments of security controls and authoring RMF documentation.
- Minimum 3 years of experience supporting RMF certification and accreditation efforts for DoD/DON systems.
- Familiarity with eMASS, DADMS, GIAP, STIGs, and the DoDI 8510 series.
- Strong working knowledge of NIST SP 800-series, DoD cybersecurity policies, and A&A lifecycle artifacts.
- Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance.
- Proficient with modern IT tools and infrastructure technologies.

Preferred (Nice to Have):

- Experience supporting OT&E environments, including cyber test toolset and infrastructure validation.
- Knowledge of network architecture, PKI, firewall and encryption methods, and multilevel/cross-domain security solutions.
- Ability to translate technical requirements into secure designs that meet mission and compliance objectives.
- Knowledge of PII data security, program protection planning, and enterprise security architecture frameworks.
- Proficiency in system hardening, vulnerability remediation, and documentation for RMF artifacts.
- Experience conducting security audits, contingency plan tests, and cloud-based system evaluations.

Travel & Passport

Some overnight stays possible.

Work Environment

Compliance with vaccination and medical requirements for TDY/OCONUS roles as per
Created: 2025-09-22