Risk Management Framework (RMF) Analyst jobs in United States

GCA · 1 day ago

Risk Management Framework (RMF) Analyst

GCA is a minority veteran owned small business providing solutions in the intelligence and information technology industries. The RMF Analyst supports OPTEVFOR Cyber Operational Test & Evaluation missions by applying security architecture expertise and ensuring compliance with cybersecurity policies throughout the system development lifecycle.

Information Technology & Services
No H1B · Security Clearance Required · U.S. Citizen Only

Responsibilities

Apply enterprise and system-level security architecture principles to support OPTEVFOR Cyber OT&E missions
Support RMF activities across all steps, including system categorization, control selection, control implementation, assessment, authorization, and continuous monitoring
Provide RMF support consistent with the RMF Process Guide (RPG) for the Information Systems Security Engineer (ISSE) role
Evaluate security architectures and designs to determine adequacy and alignment with mission and enterprise objectives
Define and document the impact of new systems, interfaces, or changes on overall security posture
Create, review, update, and validate cybersecurity Standard Operating Procedures (SOPs)
Maintain inventories of authorized software, Government Furnished Equipment (GFE), and removable media
Maintain and update all RMF and A&A documentation to ensure accuracy, relevance, and alignment with OPTEVFOR Cyber OT&E assets, including required updates in eMASS
Ensure traceability across all RMF artifacts, including: A&A Plans; Plans of Action and Milestones (POA&Ms); Security Assessment Reports (SARs); network topologies; software inventories; ports, protocols, and services; and test plans
Maintain system and network documentation in DoD IT Portfolio Repository–DoN (DITPR-DON) / DADMS
Maintain documentation and registration of network ports, protocols, services, and circuits, including GIAP and SNAP
Track and report weekly status of all outstanding A&A actions and supporting documentation
As a member of the Configuration Control Board (CCB), ensure approved changes are reflected accurately and promptly in A&A documentation
Conduct comprehensive annual RMF package reviews to ensure continued compliance of Cyber OT&E toolsets, networks, and systems
Execute DISA STIG validations in conjunction with RMF/A&A reviews in accordance with DoDI 8510 series
Audit and validate system and network configurations against STIGs; define and implement compensating controls when required to support mission execution
Support compliance validation for current and emerging directives (e.g., IAVs, STIGs, TASKORDs, CTOs)
Provide recommendations for corrective actions to remediate non-compliant security controls
Prepare and maintain vulnerability scan results, system security assessments, and configuration management findings to inform authorization decisions
Document assessment activities and results in sufficient detail to support independent external review
Develop or contribute to security test plans and supporting documentation to verify security control implementation and inform ongoing risk determinations
Conduct and document semi-annual tabletop exercises (twice per calendar year)
Review and analyze IT contingency and disaster recovery plans for compliance with NIST and DoN requirements
Develop system-specific contingency planning checklists and support contingency plan exercises and training
Work independently or in small teams to resolve tasks with minimal supervision

Qualification

Risk Management Framework (RMF)
Enterprise security architecture
Certification and Accreditation (A&A)
Cybersecurity policies compliance
DISA STIG validations
Project management
Analytical skills
Documentation skills
Team collaboration
Communication skills

Required

Minimum of five (5) years of experience designing and integrating enterprise and system security architectures across the development lifecycle
Minimum of three (3) years of experience conducting RMF-related assessments of management, operational, and technical security controls within DoD IT systems
Minimum of three (3) years of experience providing project management, subject matter expertise, and hands-on support for system certification and accreditation efforts in accordance with DoD/DoN cybersecurity policies and RMF guidance
Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI)

Company

GCA is a veteran owned small business providing solutions to customer requirements in every realm of the intelligence and information technology industries, including imagery/intelligence analysis, related systems engineering and administration, operations and maintenance, networking, and VTC services.

Funding

Current Stage
Early Stage

Leadership Team

Anthony Tannoya, Chief Executive Officer
Michael Dorr, Vice President & COO
Company data provided by crunchbase