Risk Management Framework (RMF) Analyst
Job Overview

We are seeking a highly skilled Risk Management Framework (RMF) Analyst to join our cybersecurity team. The ideal candidate will be responsible for implementing, managing, and maintaining comprehensive risk management processes aligned with federal and organizational standards such as NIST, ISO, and FedRAMP. This role requires deep expertise in IT infrastructure, network security, and information security principles to ensure the confidentiality, integrity, and availability of organizational assets across cloud and on-premises environments. The primary goal is to help organizations achieve and maintain an Authority to Operate (ATO) for their systems.

The ideal candidate will be responsible for:

• Assessment and Authorization (A&A): guiding systems through the seven-step RMF process (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) defined in NIST SP 800-37 Rev. 2 to obtain and maintain an ATO
• Security Control Assessment: evaluating technical controls with tools such as ACAS or SCAP-validated scanners and analyzing STIG checklists
• Documentation: creating and maintaining System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and Security Assessment Reports (SARs)
• Risk Management: identifying, analyzing, and mitigating security risks in coordination with system owners and stakeholders
• Compliance Monitoring: conducting continuous monitoring to ensure compliance with federal or DoD cybersecurity policies
• System Categorization: defining the system's authorization boundary and assessing the potential impact of a loss of confidentiality, integrity, or availability on the organization's mission
• Security Control Selection: identifying and tailoring the applicable security controls (NIST SP 800-53) to the system's categorization and environment
• Implementation and Assessment: verifying that security controls are properly implemented through audits, technical testing, and vulnerability scans
• Incident Response: leading incident response efforts by analyzing system security events and coordinating incident recovery procedures
• Vulnerability Research: identifying potential threats within the IT infrastructure, including IoT devices and enterprise applications
• Collaboration: contributing to system security enhancements through scripting (PowerShell, Bash), SDLC processes, and DevOps practices including CI/CD pipelines
• Policy Compliance: ensuring compliance with cybersecurity policies related to PCI DSS and FISMA while supporting disaster recovery planning
• Governance Support: maintaining documentation of risk assessments and supporting audits related to IT governance frameworks such as ITIL and COBIT

Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, or Information Systems preferred, with a minimum of five years of relevant experience
• Certifications are highly encouraged, including CompTIA Security+, CISSP, and CGRC
• Proficiency with RMF management tools such as eMASS, XACTA, or STIG Viewer preferred
• Proficiency with vulnerability scanners such as ACAS or Nessus preferred
• Excellent communication skills to convey technical risks to non-technical stakeholders; ability to work collaboratively within Agile teams supporting DevOps initiatives
• May be required to hold and maintain a security clearance
• Note: this position is with a federal government organization and may require candidates to be a U.S. citizen or lawful permanent resident

Job Types: Full-time, Contract
Pay: $88,615.95 - $106,720.29 per year
Work Location: Remote