RMF Analyst
Amentum
About the role
The RMF Analyst shall be responsible for providing cybersecurity expertise and RMF lifecycle management in support of NIWDC IWTTF systems. The analyst shall ensure all systems achieve and maintain compliance with Department of War (DoW) policies, enterprise objectives, and established governance processes. The analyst will manage system security posture from categorization to continuous monitoring, ensuring risks are properly mitigated and documented.
Responsibilities
- Lead the execution of all steps of the RMF process, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring.
- Develop, review, and maintain comprehensive RMF documentation, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plans of Action and Milestones (POA&Ms).
- Translate assessment outcomes into actionable product artifacts, including risk assessments, vulnerability reports, and recommendations for inclusion in the system's POA&M.
- Coordinate with development teams, system owners, and enterprise stakeholders to validate security control implementation, assess integration impacts, and ensure alignment with established architecture and configuration governance processes.
- Prepare and deliver executive-level summaries and system security status briefings, capturing prioritized risks, compliance status, and strategic decisions impacting the system's authority to operate (ATO).
Minimum Experience and Requirements
- 5 years of experience in cybersecurity, with a focus on Assessment & Authorization (A&A) and RMF.
- Experience creating and managing RMF documentation and utilizing tools such as eMASS.
- Experience conducting security control assessments and analyzing results from vulnerability scanning tools.
- Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
- DoD 8570/8140 IAT/IAM Level II certification (e.g., CompTIA Security+, CySA+).
- Must have an Active Top Secret/SCI US Government Clearance. Note: US Citizenship is required to obtain Top Secret/SCI Clearance.
Desired Experience/Qualifications
- Certified Information Systems Security Professional (CISSP) or Certified in Governance, Risk and Compliance (CGRC).
- Strong written and verbal communication skills, including preparation of reports, briefings, and documentation for Government stakeholders.
Compensation Details
US: $125,000 to $140,000
The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws.
Benefits Overview
Our health and welfare benefits are designed to support you and your priorities. Offerings include:
- Health, dental, and vision insurance
- Paid time off and holidays
- Retirement benefits (including 401(k) matching)
- Educational reimbursement
- Parental leave
- Employee stock purchase plan
- Tax-saving options
- Disability and life insurance
- Pet insurance
Note: Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits.