Risk Management Framework (RMF) Analyst (Remote)

Oxley Enterprises®, Inc.Stafford, VA
$72,517 - $111,100Remote

About The Position

The RMF Analyst supports all six steps of the NIST RMF process and develops, updates, and maintains required RMF documentation for hosted applications. This role is crucial for sustaining the authorization lifecycle of a mission-critical Department of Veterans Affairs (VA) cloud platform, particularly within an environment undergoing active restructuring. The analyst will be responsible for maintaining required documentation across this authorization environment.

Requirements

  • 5 years of experience supporting NIST RMF processes
  • Excellent knowledge of all six steps of the NIST RMF process (e.g., Categorize, Select, Implement, Assess, Authorize, and Monitor)
  • Excellent ability to develop, update, and maintain required RMF documentation (e.g., Disaster Recovery Plan documentation)
  • Excellent experience performing continuous monitoring activities
  • Excellent ability to implement and maintain required NIST security controls
  • Excellent experience preparing and submitting required artifacts for Authorization to Operate (ATO) packages and reauthorization efforts
  • Above average ability to coordinate with security personnel and third-party assessors during authorization reviews
  • Above average experience supporting change documentation and impact analysis
  • Experience supporting a federal agency
  • Excellent verbal and written communication skills
  • Active Federal Civilian Public Trust clearance
  • U.S. Citizenship or Permanent Resident that has lived in the United States for at least 3 years

Nice To Haves

  • CompTIA Security+

Responsibilities

  • Supports all six steps of the NIST RMF process
  • Develops, updates, and maintains required RMF documentation including Disaster Recovery Plan documentation that is complete, current, and aligned with system architecture and operational practices
  • Ensures continuous monitoring activities are performed in accordance with VA Office of Information and Technology (OI&T) policies
  • Maintains recorded platform security posture and associated controls in Continuous Authorization Monitoring (CAM) or equivalent systems
  • Implements and maintains required NIST security controls in accordance with the approved baseline
  • Supports conversions to new NIST versions as standing policies are superseded
  • Validates security control effectiveness through automated testing, configuration validation, and periodic assessments
  • Prepares and submits required artifacts for ATO packages and reauthorization efforts for all products and services hosted or supported by the application
  • Coordinates with security personnel and third-party assessors during authorization reviews
  • Addresses assessment findings and provides remediation plans within defined timelines
  • Supports change documentation and impact analysis for architectural or operational modifications
  • Maintains Plan of Action and Milestones (POA&M) accuracy and supports timely closure of findings
  • Contributes RMF lifecycle status, security control implementation progress, and continuous monitoring data to the monthly RMF, security, and ATO status report

Benefits

  • Medical, dental, vision and prescription drug coverage for you and your family.
  • Life Insurance, short-term disability and long-term disability paid for by the Company.
  • Supplemental coverages including Accident, Critical Illness, and Hospital.
  • Additional Life insurance coverage for you and your dependents.
  • 401k plan with various options to select based on your retirement goals.
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service