RMF Analyst II

About The Position

Requirements

• A bachelor's degree in science, Technology, Engineering, Mathematics, IT, or business-related programs is required.
• 2+ years of experience in Cybersecurity compliance/Risk Management Framework.
• 2+ years of experience with RMF (NIST SP800-53, NIST SP 800-37 DoDI 8510.01), ATO packages, POA&M development, and system categorization is required.
• Baseline and Full Computing Environment Certifications for IAT-II IAW DoD 8570.01-M (Security+ certification) required.
• Must have an active Secret clearance with the ability to obtain TS with SCI eligibility.
• Experience with eMASS and/or Xacta is required (preferably eMASS)
• Experience working in a Unix/Linux environment
• Must have high proficiency in the Microsoft Office suite and possess advanced skills and knowledge in programs like Word, Excel, PowerPoint, and Outlook.
• Ability to meet minimum clearance requirements.
• Ability to work nights, weekends, and holidays as required.

Nice To Haves

• 2+ years’ experience supporting DoD or federal programs is highly desirable
• Cybersecurity certifications like CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or CGRC (Certified in Governance, Risk and Compliance) to obtain within 90 days of start date.
• Experience with cloud platforms like Amazon Web Services (AWS), Microsoft Azure, etc., and migrating customers/projects to the cloud
• Experience working in cloud infrastructures
• Must have an understanding of cloud technologies (e.g., AWS, Azure, GCP, Oracle) and hybrid cloud environments.
• Experience extracting, transforming, and structuring data to support both exploratory analytics and operational reporting.
• Strong creative and visual storytelling skills with an eye for design, usability, and user experience.
• Use expert knowledge of data visualization tools to deliver information that allows client users to quickly understand data, ask better questions, and take action.
• Possess knowledge and experience with data analysis and data technical expertise in data management, engineering, and science.
• Skillful time management and organizational skills to set and meet deadlines.
• Ability to work both independently and within a team.
• Ability to work effectively in a team environment to encourage collaboration, innovation, and continuous improvement.
• Ability to travel up to 10%.

Responsibilities

• Assist RMF practitioner managing ATO packages, continuous monitoring plans, and eMASS documentation.
• Deep understanding of cybersecurity frameworks, documentation, and technical validation processes, working closely with stakeholders and control assessors to ensure security and compliance.
• Provide weekly reporting to the senior task lead.
• Assist in the optimization of the current process to streamline the approval process with the Program Information Security System Manager (P-ISSM) prior to submissions to the Authorizing Official (AO).
• Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
• Track timely and high-quality completion of process tasks and milestones, and report on the status of key milestones to the senior task lead.
• Assist with overseeing the cybersecurity lifecycle from inception to completion.
• Develop, review, and update documentation to ensure compliance with RMF and Continuous Monitoring requirements.
• Provide direct support to Control Assessors, assisting in the preparation and review of authorization information and documentation for RMF and Continuous Monitoring.
• Maintain and update system security documentation (SSPs, POA&Ms, etc.).
• Evaluate and validate technical processes related to ATO (Authority to Operate) requirements, ensuring alignment with cybersecurity standards.
• Assisting in the preparation and review of authorization information and documentation for RMF and Continuous Monitoring.
• Assist with eMASS package completion and maintenance, including artifacts, self-assessments, and asset management.
• Conduct Security Tests & Evaluations (ST&E) and risk assessments.
• Review project schedules, requirements, and risk assessments, offering recommendations to program stakeholders to enhance security posture.
• Assist with the security plans, as well as assessment reports, plans of action, and milestones for remediation. Defines criticality or sensitivity of systems, performs categorization calculations, and recommends corrective action.
• Develop security plans, as well as assessment reports, plans of action, and milestones for remediation. Defines criticality or sensitivity of systems, performs categorization calculations, and recommends corrective action.
• Recommend baseline security controls, assess changes in controls, and coordinate changes to security authorizations.
• Conduct evaluations to verify that design and implementation meet requirements.
• Confirm that all necessary supporting documents (e.g., Incident Response Plan, Configuration Management Plan, Contingency Plan) are present, complete, and have been reviewed and approved.
• Confirm that every finding is identified and tracked in the POA&M. Ensure each POA&M item has a realistic mitigation strategy, defined resources, and a scheduled completion date.
• Assist with the preparation of test plans and conduct security control testing IAW with NIST SP800-53, DoDI 8510.01, NIST SP 800-37 Rev. 2.
• Other duties as assigned.

Benefits

• professional development
• well-being programs