Cambridge International Systems, Inc. · 4 months ago
Risk Management Framework (RMF) Analyst – Top Secret Clearance | Norfolk, VA
Norfolk, VA
Full-time
Onsite
Mid, Senior Level
5+ years expCambridge International Systems, Inc. is a global team focused on defense and security challenges. They are seeking a Risk Management Framework (RMF) Analyst to design and maintain security throughout the development lifecycle, conduct assessments of security controls, and manage RMF documentation.
Cyber SecurityInformation Technology
No H1B
Security Clearance RequiredU.S. Citizen Only
Responsibilities
Design and maintain enterprise and systems security throughout the development lifecycle in alignment with DoD and DoN RMF guidance
Conduct assessments of management, operational, and technical security controls to evaluate system compliance and risk posture
Maintain and update RMF and A&A documentation across the OPTEVFOR Cyber OT&E mission, including revisions in eMASS and DADMS
Create, validate, and revise cybersecurity SOPs, system security plans (SSPs), contingency plans, and privacy impact assessments
Review and maintain inventories of authorized software, GFE, ports, protocols, and circuit registrations (GIAP/SNAP)
Execute annual RMF reviews and STIG validations on systems, identifying and recommending corrective actions for non-compliance
Support configuration audits, vulnerability scans, POA&Ms, SARs, test plans, and documentation of RMF lifecycle artifacts
Lead semi-annual tabletop exercises and review business impact analysis and disaster recovery plans for compliance
Serve on the Configuration Control Board (CCB), ensuring approved changes are reflected in security documentation
Provide technical reports on system scan results, cybersecurity compliance, and configuration management
Advise stakeholders on risk management, ATO strategy, and secure architecture to meet mission requirements
Qualification
Required
Minimum 5 years of experience designing enterprise/system security throughout the development lifecycle
Minimum 3 years conducting assessments of security controls and authoring RMF documentation
Minimum 3 years of experience supporting RMF certification and accreditation efforts for DoD/DON systems
Familiarity with eMASS, DADMS, GIAP, STIGs, and the DoDI 8510 series
Strong working knowledge of NIST SP 800-series, DoD cybersecurity policies, and A&A lifecycle artifacts
Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance
Proficient with modern IT tools and infrastructure technologies
Preferred
Experience supporting OT&E environments, including cyber test toolset and infrastructure validation
Knowledge of network architecture, PKI, firewall and encryption methods, and multilevel/cross-domain security solutions
Ability to translate technical requirements into secure designs that meet mission and compliance objectives
Knowledge of PII data security, program protection planning, and enterprise security architecture frameworks
Proficiency in system hardening, vulnerability remediation, and documentation for RMF artifacts
Experience conducting security audits, contingency plan tests, and cloud-based system evaluations
Benefits
Medical, dental, vision, life, accident, and critical illness insurance
401(k) immediate vesting and match
Paid time off and company holidays
Generous tuition & training support
Relocation assistance
Sign-on and performance-based bonuses
Employee referral program
Access to Tickets at Work, EAP, wellness initiatives, and more
Company
Cambridge International Systems, Inc.
At Cambridge International Systems, Inc. we design and deliver innovative and adaptive solutions to address capacity-building needs and enable success.
201-500 employees
Funding
Current Stage
Growth StageLeadership Team
Lisa Black
Chief Administrative Officer (CAO)
Recent News
Small Business Trends
2025-12-03
The Express Tribune
2025-07-02
Company data provided by crunchbase