Risk Management Framework (RMF) Analyst

Intelligent Waves LLC•Norfolk, VA

1d•Onsite

About The Position

Intelligent Waves is seeking a Risk Management Framework Analyst to support a U.S. Navy cyber Operational Test and Evaluation mission across platforms, systems, and test infrastructure. This role applies enterprise and system-level cybersecurity expertise across the system development lifecycle to ensure compliance with Department of Defense and Department of the Navy cybersecurity policies. The analyst translates complex operational, technical, and environmental requirements into effective security architectures and executes Risk Management Framework activities across all phases of the authorization process. Responsibilities include system categorization, security and policy documentation, control selection and implementation, and assessment of management, operational, and technical security controls. This role provides RMF support in accordance with the RMF Process Guide for the ISSE role and supports certification and authorization activities for operational test infrastructure and cyber toolsets. The analyst works closely with internal stakeholders and external oversight organizations to ensure timely, accurate, and compliant system authorizations. This position is contingent upon final contract and funding approval. 🌎 Location: Norfolk, VA ✈️ Travel: None 🛡️ Clearance Requirement: TS/SCI Intelligent Waves delivers mission-focused multi-domain operational expertise and innovation to the Government through high-impact technology solutions in cybersecurity, data science, enterprise network & systems engineering, software development, and cognitive human performance. ANYTIME. ANYWHERE. ANY DOMAIN. Since 2006, we have proudly served federal agencies including the Department of Defense. Our ability to operate globally in a wide range of environments, coupled with our deep understanding of customer needs and requirements, enables us to provide cost-effective solutions to support the most complex missions. Adherence to all customer site protocols is mandatory for employees.

Requirements

5+ years of experience integrating enterprise and system security controls across the system development lifecycle.
3+ years of experience executing RMF activities, including assessment of management, operational, and technical controls for DoD IT systems.
3+ years of experience supporting system authorization and accreditation efforts in accordance with DoD and DoN cybersecurity policy.
Experience maintaining security artifacts and inventories, including authorized software, government-furnished equipment, removable media, and system documentation.
Experience developing and maintaining system, network, and circuit documentation within DoD repositories and approval systems (e.g., DITPR-DON, DADMS, GIAP, SNAP).
Experience tracking, reporting, and briefing authorization actions and Configuration Control Board-approved changes.
Knowledge of DoD cybersecurity directives (IAVs, TASKORDs, CTOs) and supporting compliance validation and external reviews.
Experience conducting tabletop or contingency exercises and reviewing IT contingency and disaster recovery plans for NIST and DoN compliance.

Responsibilities

Manage RMF and A&A activities, including eMASS updates, annual package reviews, POA&Ms, SARs, and authorization artifacts.
Perform security control assessments, DISA STIG validations, and configuration audits; identify gaps and recommend corrective actions or compensating controls.
Track, report, and brief the status of outstanding security findings and authorization actions.
Support Configuration Control Board (CCB) activities and ensure approved changes are reflected in security authorization documentation.
Develop, maintain, and validate cybersecurity Standard Operating Procedures (SOPs) and security documentation.
Maintain accurate inventories for authorized software, government-furnished equipment, network configurations, ports, protocols, and services.
Maintain system and network records within DoD repositories including DITPR-DON, DADMS, GIAP, and SNAP.
Provide cybersecurity subject matter expertise to support compliance with DoD, DoN, NIST, and mission-specific security requirements.
Ensure systems, servers, laptops, and network devices are securely configured and validated prior to deployment.
Review, assess, and support IT contingency and disaster recovery plans.
Participate in and document tabletop or contingency exercises.
Operate independently or within small teams to execute cybersecurity tasks with minimal supervision.

Benefits

Intelligent Waves offers a generous benefits package including medical, dental, vision, paid PTO, life and disability insurance.
We invest in our employees’ futures by contributing with vesting starting from DAY 1, technical training, tuition bonuses, and much more.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume