Risk Management Framework (RMF) Analyst â TS/SCI Clearance | Norfolk, VA
Risk Management Framework (RMF) Analyst â TS/SCI Clearance | Norfolk, VA
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Risk Management Framework (RMF) Analyst TS/SCI Clearance Norfolk VA
Cambridge International Systems Inc.
Join a dynamic global team united by shared values: commitment integrity and perseverance. At Cambridge youll work alongside top talent worldwide tackling some of todays most complex and critical challenges in defense and security.
We are currently seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk VA. This is a full-time position requiring an active DoD TS/SCI clearance.
This position is contingent upon contract award with an expected award date of November 2025.
What Youll Do
Create review update and validate cybersecurity Standard Operations Procedures (SOPs) as required.
Review and maintain an inventory of authorized software (software custodian).
Review and maintain an inventory of government furnished devices and media.
Ensure configurations on laptops and servers are validated prior to being deployed (as required)
Audit and validate configurations of network devices based on STIGs or defining and implementing compensating controls of such STIGs as required to ensure mission execution.
Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with the cyber OT&E mission assets to include required revisions and updates in eMASS.
Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset networks and/or systems.
Ensure traceability is maintained throughout the RMF submission process (e.g. A&A plan Plan Of Action and Milestones (POA&M) Security Assessment Report (SAR) topology software ports protocols and services test plan).
Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS.
Maintain documentation and registration of network ports protocols and services.
Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation.
As a member of the Configuration Control Board (CCB) ensure CCB approved changes are timely and accurately reflected in the A&A documentation.
Support compliance validation of current and future directives (e.g.: IAVs STIGs TASKORD/CTOs).
Provide recommendations for corrective action of any non-compliant security controls.
Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with eh DoD Instruction 8510 series Risk Management Framework for DoD systems..
Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
Prepare reports on scanning results and configuration management observations monthly.
Document assessment activities and results in sufficient detail to enable external review of all assessment processes activities results and conclusions.
Conduct and document a semi-annual tabletop exercise Twice in a calendar year.
Produce test plans draft after actions and other documents for review and comment.
Review and/or revise Business Impact Analysis (BIA) to include business process IT dependency and physical security assessments annually.
Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance and produce checklists for IT systems.
Assist with exercise and/or training and documentation of IT contingency plan and execution Able to work alone or in a small group to resolve tasks independently with minimal supervision.
Adhere to guidance outlined in RMF Process Guide Youll Bring
Required Qualifications:
Education & Experience:
Minimum 5 years experience designing enterprise and systems security throughout the development lifecycle.
Minimum 3 years experience conducting thorough assessments of management operational and technical security controls within IT systems
Certifications:
Minimum 3 years experience providing project management subject matter expertise and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON policies and guidance.
Eligible to obtain and keep active a DoD TS/SCI security clearance.
Proficient with modern IT tools and infrastructure technologies
Preferred (Nice to Have):
Knowledge of the organizations enterprise information security architecture system.
Ability to design and integrate security architectures and frameworks.
Skill in translating technology and environmental conditions (e.g. laws regulations) into security designs and processes.
Knowledge of integrating organizational goals into security architecture.
Ability to apply network security architecture concepts including topology protocols components and principles (e.g. defense-in-depth).
Skill in designing multi-level security and cross-domain solutions.
Knowledge of cybersecurity-enabled software products and how they fit into security designs.
Perform comprehensive assessments of management operational and technical security controls and enhancements.
Document and address information security cybersecurity architecture and systems security engineering requirements throughout the acquisition lifecycle.
Evaluate security architectures and designs to determine their adequacy.
Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements up to TS/SCI.
Define and document the impact of new systems or interfaces on the security posture of the environment.
Develop as needed security compliance processes and/or audits for external services (e.g. cloud service providers).
Provide project management and subject matter expertise in the Cyber OT&E test infrastructure and toolset certification and accreditation efforts.
Employ secure configuration management processes and ensure systems and architectures align with cybersecurity guidelines.
Provide advice on project costs design concepts and design changes.
Skill in applying cybersecurity methods such as firewalls demilitarized zones and encryption.
Knowledge of IT architectural concepts including baseline and target architectures.
Knowledge of key telecommunications concepts and principles.
Knowledge of network systems management principles and tools.
Knowledge of Cloud-based knowledge management technologies related to security and administration.
Skill in using PKI encryption and digital signatures.
Document and update architecture and related activities.
Translate proposed capabilities into technical requirements and security requirements into application design elements.
Provide input to the Risk Management Framework process and related documentation.
Knowledge of Personally Identifiable Information (PII) data security standards and program protection planning.
Knowledge of local specialized system requirements (e.g. critical infrastructure) and network security principles.
Ability to optimize systems to meet enterprise performance requirements.
Skill in using design methods and developing data management capabilities.
Travel & Passport
Some overnight stays possible.
Work Environment
Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR .
Office setting:
Primarily an office-based role in Norfolk VA
Standard desk/computer work with flexibility for walking and movement on site
Must be able to work in an office environment sitting at a desk looking at a computer for most of the workday.
Work is physically comfortable; the employee has discretion about sitting walking standing etc.
May be required to travel short distances to offices/conference rooms and buildings on site.
Background & Security
Employment is contingent upon successful background investigation
Drug screening may be required for federal contract compliance
Benefits & Perks
We believe in investing in our teamboth professionally and personally:
Medical dental vision life accident and critical illness insurance
401(k) immediate vesting and match
Paid time off and company holidays
Generous tuition & training support
Relocation assistance
Sign-on and performance-based bonuses
Employee referral program
Access to Tickets at Work EAP wellness initiatives and more
Join Us
If youre driven by mission technology and teamworkwe want to hear from you. Cambridge is growing and this position is just one of many opportunities on our global team. Know someone perfect for the role Referrals are welcomeboth employees and non-employees may qualify for a bonus.
Apply today and help shape the future of secure cloud computing for national security.
About Cambridge International Systems
At Cambridge innovation grows through diversity. We are proud to be an equal opportunity employer committed to creating an inclusive and supportive work environment for all. Learn more at .
Required Experience:
Manager
Employment Type
Full-Time
