
Risk Management Framework RMF Analyst

Job in Norfolk, Virginia, 23500, USA
Listing for: Geospatial And Cloud Analytics Inc
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer, Information Security
Salary/Wage Range or Industry Benchmark: 90000 - 120000 USD Yearly
Job Description & How to Apply Below

The RMF Analyst supports OPTEVFOR Cyber Operational Test & Evaluation (OT&E) missions by applying enterprise‑ and system‑level security architecture expertise across the system development lifecycle. The role ensures alignment with evolving laws, regulations, and DoD and Department of the Navy (DoN) cybersecurity policies, and contributes to Risk Management Framework (RMF) activities across all lifecycle phases.

The Security Architect translates complex technical, operational, and environmental requirements into effective security architectures; supports system categorization, policy documentation, security control selection and implementation; and conducts comprehensive assessments of management, operational, and technical security controls to evaluate effectiveness. The position also provides project management and subject matter expertise to guide certification and accreditation (A&A) activities for Cyber OT&E test infrastructure and toolsets, working closely with internal stakeholders and external oversight organizations to ensure timely and compliant system authorizations.

Security Clearance Requirement

Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).

Qualifications
  • Minimum of five (5) years of experience designing and integrating enterprise and system security architectures across the development lifecycle
  • Minimum of three (3) years of experience conducting RMF-related assessments of management, operational, and technical security controls within DoD IT systems
  • Minimum of three (3) years of experience providing project management, subject matter expertise, and hands‑on support for system certification and accreditation efforts in accordance with DoD/DoN cybersecurity policies and RMF guidance

Key Responsibilities

Security Architecture and RMF Support
  • Apply enterprise and system‑level security architecture principles to support OPTEVFOR Cyber OT&E missions
  • Support RMF activities across all steps, including system categorization, control selection, control implementation, assessment, authorization, and continuous monitoring
  • Provide RMF support consistent with the RMF Process Guide (RPG) for the Information Systems Security Engineer (ISSE) role
  • Evaluate security architectures and designs to determine adequacy and alignment with mission and enterprise objectives
  • Define and document the impact of new systems, interfaces, or changes on overall security posture
Documentation, Compliance, and Governance
  • Create, review, update, and validate cybersecurity Standard Operating Procedures (SOPs)
  • Maintain inventories of authorized software, Government Furnished Equipment (GFE), and removable media
  • Maintain and update all RMF and A&A documentation to ensure accuracy, relevance, and alignment with OPTEVFOR Cyber OT&E assets, including required updates in eMASS
  • Ensure traceability across all RMF artifacts, including:
    • A&A Plans
    • Plans of Action and Milestones (POA&Ms)
    • Security Assessment Reports (SARs)
    • Network topologies
    • Software inventories
    • Ports, protocols, and services
    • Test plans
  • Maintain system and network documentation in DoD IT Portfolio Repository–DoN (DITPR-DON) / DADMS
  • Maintain documentation and registration of network ports, protocols, services, and circuits, including GIAP and SNAP
  • Track and report weekly status of all outstanding A&A actions and supporting documentation
  • As a member of the Configuration Control Board (CCB), ensure approved changes are accurately and promptly reflected in A&A documentation
Assessment, Validation, and Hardening
  • Conduct comprehensive annual RMF package reviews to ensure continued compliance of Cyber OT&E toolsets, networks, and systems
  • Execute DISA STIG validations in conjunction with RMF/A&A reviews in accordance with DoDI 8510 series
  • Audit and validate system and network configurations against STIGs; define and implement compensating controls when required to support mission execution
  • Support compliance validation for current and emerging directives (e.g., IAVs, STIGs, TASKORDs, CTOs)
  • Provide recommendations for corrective actions to remediate non‑compliant security controls
  • Prepare and maintain vulnerability scan results, system security assessments, and configuration…