Senior Cybersecurity Compliance Analyst (RMF) - TS/SCI

Modern Government Solutions
Onsite

About The Position

Modern Government Solutions (MGS) is seeking a Senior Cybersecurity Compliance Analyst (RMF) to support Blue Water Instrumentation (BWI) efforts at Point Mugu Sea Range, ensuring cybersecurity compliance across RDT&E test environments and prototype systems. In this role, you will assess and validate security controls, manage RMF processes, and provide continuous monitoring and reporting to support informed risk decisions without slowing down testing and innovation. You'll work closely with engineering, IT, and Government stakeholders to maintain compliance across complex environments, including cloud, data, and instrumentation systems. This role translates cybersecurity requirements into actionable guidance, ensuring systems remain secure, compliant, and mission-ready. You'll support audit readiness, authorization activities, and POA&M management in dynamic, event-driven test environments.

Requirements

  • Must possess an active Department of Defense (DoD) TS/SCI security clearance.
  • Must be eligible for SAP access based on tasking.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent combination of education and experience).
  • One or more of the following IAM Level II/III certifications: CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), CASP+ (CompTIA Advanced Security Practitioner), Security+ CE (minimum for IAM Level II).
  • 10+ years of experience in cybersecurity analysis, information assurance, or RMF/compliance roles within DoD/DoN environments.
  • Strong working knowledge of DoD cybersecurity frameworks, including RMF (DoDI 8510.01), NIST SP 800-53/171, CNSSI 1253, and DoD Zero Trust Architecture.
  • Proven experience supporting IATT/ATO processes and managing RMF artifacts, including SSPs, POA&Ms, inheritance mappings, and eMASS workflows.
  • Experience conducting vulnerability scanning and compliance validation using tools such as ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and STIG Viewer.
  • Experience with SIEM platforms (e.g., Splunk) for security event monitoring and analysis in support of RDT&E and operational test environments.
  • Familiarity with DoD Cloud SRG requirements and compliance assessment of cloud-based environments (IL4–IL6).
  • Strong understanding of security control assessment methodologies (NIST SP 800-53A) and continuous monitoring processes.
  • Experience supporting cybersecurity compliance in RDT&E, test, or non-enterprise environments where flexibility and rapid iteration are required.
  • Ability to analyze risk, prioritize remediation, and provide clear, actionable recommendations to engineering teams and leadership.
  • Strong analytical, written, and briefing skills, with the ability to communicate security posture and risk to technical and non-technical stakeholders.
  • Ability to work independently, manage competing priorities, and operate effectively in fast-paced, mission-driven environments.

Nice To Haves

  • Experience supporting DoD test ranges, RDT&E programs, or operational environments (e.g., NAWCWD, NAVAIR, Point Mugu Sea Range).
  • Experience assessing cybersecurity compliance of developmental, prototype, or field-deployable systems (e.g., TRL 4–6) in non-enterprise environments.
  • Familiarity with contractor and program compliance frameworks, including CMMC 2.0 Level 2, EO 14028, and DoD Cloud SRG (IL6) requirements.
  • Knowledge of specialized compliance domains, including cross-domain solutions (CDS), TEMPEST/EMSEC considerations, and COMSEC validation requirements.
  • Experience supporting security assessments in complex environments involving OT/IT convergence, instrumentation systems, telemetry, or autonomous/USV platforms.
  • Familiarity with data handling and protection requirements, including ITAR/EAR-controlled data and FMS program security requirements.
  • Familiarity with T&E range environments and standards (e.g., IRIG-106) and their impact on cybersecurity compliance and data handling.
  • Additional relevant certifications such as CAP, CISA, CEH, CCSP, Tenable Certified, or Splunk Core Certified User.

Responsibilities

  • Assess and validate cybersecurity compliance of R&D test environments and prototype systems against DoD frameworks (RMF, NIST SP 800-53, CNSSI 1253, Zero Trust, EO 14028), ensuring systems meet security requirements without disrupting testing and development.
  • Conduct vulnerability scanning and compliance validation using tools such as ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and STIG Viewer; analyze results, document findings, and track remediation efforts across Windows, Linux, and network environments.
  • Support development and maintenance of RMF authorization artifacts within eMASS (SSPs, POA&Ms, risk assessments, inheritance mappings), while owning POA&M tracking and coordinating remediation with engineering and IT teams.
  • Perform security control assessments (NIST SP 800-53A) and maintain evidence, documentation, and continuous monitoring activities to reflect system security posture and residual risk in dynamic test environments.
  • Monitor systems for security events and anomalies using SIEM tools (e.g., Splunk) during RDT&E event windows, escalating and documenting incidents in accordance with established response procedures.
  • Evaluate and verify compliance of cloud and data environments aligned to DoD Cloud SRG requirements (including IL6) supporting instrumentation, telemetry, and data pipeline activities.
  • Support audit readiness by preparing compliance packages, reports, dashboards, and briefings for program leadership and Government stakeholders (e.g., NAVAIR, NAWCWD).
  • Analyze and validate security configurations proposed by engineering teams, providing risk analysis and actionable compliance guidance.
  • Ensure proper handling and protection of sensitive information, including CUI, COMSEC, and ITAR/EAR-controlled data, in accordance with DoD policies.
  • Coordinate with Government cybersecurity authorities (ISSM, AO, SCA) to support test environment authorizations and compliance activities in a contractor support role.
  • Generate and maintain recurring and ad-hoc reporting, including POA&M status, security posture metrics, and compliance scorecards for leadership visibility and decision-making.
  • Maintain awareness of emerging threats, vulnerabilities, and policy updates, advising program leadership on impacts to RDT&E environments and compliance posture.
  • Operate across office, laboratory, and operational environments, coordinating closely with IT, engineering, and program teams to support cybersecurity activities.
  • Support test events and elevated operational periods as needed, including up to 20% travel to meet program and mission requirements.

Benefits

  • Long-term career opportunities