This job has closed.

SAIC · 2 months ago

Risk Management Framework Analyst

Charleston, SC

Full-time

Onsite

Senior Level

5+ years exp

SAIC is seeking a Risk Management Framework (RMF) Analyst for their customer site in North Charleston, SC. The RMF Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems, collaborating with system owners and developers to identify and mitigate risks throughout the system lifecycle.

Information TechnologySecurityService IndustrySoftware

Work & Life Balance

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Develop and maintain RMF documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms)

Determine applicable security controls in alignment with NIST 800-53 and other guidance

Test and monitor security controls to ensure effectiveness

Review and assess technical test results (e.g., ACAS scans, SCAP scans, Evaluate STIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings

Conduct periodic security reviews and audits to maintain compliance

Update Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON) records, if applicable

Work closely with system owners, developers, and stakeholders to integrate security across the system development lifecycle (SDLC)

Provide RMF guidance and best practices to system owners

Clearly communicate security risks, findings, and recommendations to leadership and stakeholders

Stay current with evolving threats, vulnerabilities, and compliance requirements

Recommend improvements to RMF documentation, processes, and reporting

Qualification

Risk Management Framework (RMF)EMASSCybersecurityNIST 800-53CompTIA Security+ACASAnalytical skillsProblem-solving skillsCommunication skillsDetail-oriented

Required

Bachelor's degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience

Must meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements

5+ years of relevant experience with a Bachelor's degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A)

Demonstrated working knowledge of the Risk Management Framework (RMF)

Experience with eMASS, ACAS, and related Information Assurance tools

Familiarity with ATO requirements, security policies, and compliance documentation

Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control

At least one (1) of the following: CompTIA Security+, CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Security Professional (CISSP)

At least one (1) of the following: IEEE CS Software Development Associate Engineer Certification, Microsoft role-based certifications (e.g., MCAD, MCDBA), Red Hat Certification Program (RHCP), Cisco Certified Network Associate (CCNA), Oracle Certified Associate (relevant technology), VMware Certified Technical Associate – Data Center Virtualization, Citrix Certified Administrator, Cloud certifications (e.g., AWS Architect, Developer, SysOps Associate)

Must be certified at Information Assurance Technical (IAT) Level II or higher

Must be a US Citizen with an active secret security clearance