We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
ANALYGENCE jobs

RMF Analyst

ANALYGENCE
United States, Virginia, Norfolk
Nov 07, 2025

ANALYGENCE is pursuing an opportunity to support the US Navy with operational test and evaluation support.

The RMF Analyst will conduct comprehensive evaluations of management, operational, and technical security controls, both implemented and inherited, to determine overall control effectiveness and compliance. The Security Architect also provides project management, subject-matter expertise, and hands-on technical support for all aspects of OPTEVFOR Cyber Operational Test & Evaluation (OT&E) infrastructure, tools, and certification/accreditation activities in alignment with DoD and Department of the Navy (DON) cybersecurity policies and guidance.

  • Create, review, update, and validate cybersecurity Standard Operating Procedures (SOPs) as required.
  • Review and maintain an inventory of authorized software (as the software custodian).
  • Review and maintain an inventory of government-furnished devices and media.
  • Ensure configurations on laptops and servers are validated before being deployed (as required)
  • Audit and validate configurations of network devices based on STIGs, or define and implement compensating controls of such STIGs as required to ensure mission execution.
  • Maintain and update all RMF and A&A documentation to ensure relevance and alignment with OPTEVFOR cyber OT&E mission assets, including required revisions and updates in eMASS.
  • Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems.
  • Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports, protocols and services, test plan).
  • Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS.
  • Maintain documentation and registration of network ports, protocols, and services.
  • Maintain circuit registrations in the Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
  • Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation.
  • As a member of the Configuration Control Board (CCB), ensure CCB-approved changes are timely and accurately reflected in the A&A documentation.
  • Support compliance validation of current and future directives (e.g., IAVs, STIGs, TASKORD/CTOs).
  • Provide recommendations for corrective action of any non-compliant security controls.
  • Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with eh DoD Instruction 8510 series, Risk Management Framework for DoD systems.
  • Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
  • Prepare reports on scanning results and configuration management observations monthly.
  • Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
  • Conduct and document a semi-annual tabletop exercise twice in a calendar year.
  • Produce test plans, draft after actions, and other documents for review and comment.
  • Review and/or revise Business Impact Analysis (BIA) to include business process, IT dependency, and physical security assessments annually.
  • Review and analyze IT contingency/disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems.
  • Assist with exercise and/or training and documentation of IT contingency plan and execution. Able to work alone or in a small group to resolve tasks independently with minimal supervision.
  • Minimum 5 years' experience designing enterprise and systems security throughout the development lifecycle.
  • Minimum 3 years' experience conducting thorough assessments of management, operational, and technical security controls within IT systems
  • Minimum 3 years' experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON policies and guidance.
Applied = 0
MORE JOBS LIKE THIS

(web-f6fc48fb5-k5dx2)