Risk Management Framework Analyst
Amentum•Norfolk, VA
About The Position
The RMF Analyst shall be responsible for providing cybersecurity expertise and RMF lifecycle management in support of NIWDC IWTTF systems. The analyst shall ensure all systems achieve and maintain compliance with Department of War (DoW) policies, enterprise objectives, and established governance processes. The analyst will manage system security posture from categorization to continuous monitoring, ensuring risks are properly mitigated and documented.
Requirements
- 5 years experience in cybersecurity, with a focus on Assessment & Authorization (A&A) and RMF.
- Experience creating and managing RMF documentation and utilizing tools such as eMASS.
- Experience conducting security control assessments and analyzing results from vulnerability scanning tools.
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- DoD 8570/8140 IAT/IAM Level II certification (e.g., CompTIA Security+, CySA+).
- Must have an Active Top Secret/SCI US Government Clearance.
- US Citizenship is required to obtain Top Secret/SCI Clearance.
Nice To Haves
- Certified Information Systems Security Professional (CISSP) or Certified in Governance, Risk and Compliance (CGRC).
- Strong written and verbal communication skills, including preparation of reports, briefings, and documentation for Government stakeholders.
Responsibilities
- Lead the execution of all steps of the RMF process, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
- Develop, review, and maintain comprehensive RMF documentation, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plans of Action and Milestones (POA&Ms).
- Translate assessment outcomes into actionable product artifacts, including risk assessments, vulnerability reports, and recommendations for inclusion in the system's POAM.
- Coordinate with development teams, system owners, and enterprise stakeholders to validate security control implementation, assess integration impacts, and ensure alignment with established architecture and configuration governance processes.
- Prepare and deliver executive-level summaries and system security status briefings, capturing prioritized risks, compliance status, and strategic decisions impacting the system's authority to operate (ATO).
Benefits
- Health, dental, and vision insurance
- Paid time off and holidays
- Retirement benefits (including 401(k) matching)
- Educational reimbursement
- Parental leave
- Employee stock purchase plan
- Tax-saving options
- Disability and life insurance
- Pet insurance
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
