Cyber Risk Management Framework (RMF) Analyst

Liberty Business Associates•Charleston, SC

20d•Onsite

About The Position

Are you a seasoned professional looking for new opportunities, or are you seeking an exciting challenge? A career working as a Government Contractor can give you that. At Liberty Business Associates, LLC, we offer a small company environment with competitive benefits where people can be proud knowing their job makes a difference for the warfighters. Our company is built on people who are passionate, innovative, and thrive on expanding their knowledge and providing their experience to our clients. Everyone brings their individual talents to the table, and they are rewarded with professional growth. Would you like to be part of our energized team to grow on a professional and personal level? About Liberty Business Associates, LLC: Liberty Business Associates, LLC is a woman-owned small business. Our vision is to be consistently recognized as the best small business in our industry with which clients, industry partners, and employees want to work. Liberty’s success is driven by our Core Values of Integrity, Dedication, Innovation, and Collaboration. Liberty’s mission is to consistently deliver value-driven solutions. We partner with our clients to truly understand their objectives, issues, and constraints by practicing consistent communication and flexibility. These values are why Liberty is successful at what we do. At Liberty Business Associates, we offer a 401K plan, Health Benefits, Dental, Vision, Life Insurance, Short- and Long-Term Disability, Paid Holidays, Paid Time Off, Sick Leave, and Tuition Reimbursement (at all levels). Position Title: Risk Management Framework (RMF) Analyst Position Location: Charleston, SC The Risk Management Framework (RMF) Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services (DC2HS). This position requires hands-on experience with Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts necessary for authorization in accordance with the Department of the Navy (DoN) RMF Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements, and other applicable agency policies. The RMF Analyst will collaborate with system owners, developers, and security personnel to identify, assess, and mitigate risks throughout the system lifecycle. A strong working knowledge of the Navy’s RMF process and tools such as eMASSter and RAFT is essential. Will review and assess technical test results (e.g., ACAS scans, SCAP scans, Evaluate STIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings, Conduct periodic security reviews and audits to maintain compliance, update Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON) records, if applicable.

Requirements

Bachelor’s degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience.
Must meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements.
5+ years of relevant experience with a Bachelor’s degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A).
Demonstrated working knowledge of the Risk Management Framework (RMF).
Experience with eMASS, ACAS, and related Information Assurance tools.
Familiarity with ATO requirements, security policies, and compliance documentation.
Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control.
At least one (1) of the following : CompTIA Security+ , CompTIA Advanced Security Practitioner (CASP) Certified Information Systems Security Professional (CISSP)
At least one (1) of the following : - IEEE CS Software Development Associate Engineer Certification - Microsoft role-based certifications (e.g., MCAD, MCDBA) - Red Hat Certification Program (RHCP) - Cisco Certified Network Associate (CCNA) - Oracle Certified Associate (relevant technology) - VMware Certified Technical Associate – Data Center Virtualization - Citrix Certified Administrator - Cloud certifications (e.g., AWS Architect, Developer, Sys Ops Associate)
Must be certified at Information Assurance Technical (IAT) Level II or higher.

Responsibilities

Review and assess technical test results (e.g., ACAS scans, SCAP scans, Evaluate STIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings
Conduct periodic security reviews and audits to maintain compliance
Update Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON) records, if applicable