Company: SAIC
Location: North Charleston, SC
Career Level: Associate
Industries: Technology, Software, IT, Electronics

Description

The Risk Management Framework (RMF) Analyst plays a crucial role in obtaining and maintaining the authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services. This individual will be responsible for using Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts required to obtain and maintain an authorization in accordance with the Department of Navy (DoN) Risk Management Framework Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements and other agency-specific policies. The RMF Analyst will work closely with system owners, developers and security personnel to identify, assess and mitigate risks throughout the system lifecycle. A solid understanding of the Navy's risk management framework process and experience using authorization tools, eMASSter and RAFT, is required.

Essential Duties and Responsibilities:

1. RMF Implementation and Maintenance:

  • Develop and maintain RMF documentation, including but not limited to System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs) and Plans of Action and Milestones (POA&Ms).
  • Determine appropriate applicable security controls based on National Institute of Standards and Technology (NIST) 800-53 and other relevant guidance.
  • Test and monitor security controls to ensure effectiveness.
  • Review and understand how to assess technical test results (i.e. Assured Compliance Assessment Solution (ACAS) scan results, Security Content Automation Protocol (SCAP) scan results, EvaluateSTIG scan results, STIG checklists) and collaborate with system engineers and cybersecurity teams to ensure findings are addressed.
  • Conduct regular security reviews and audits to ensure compliance with cybersecurity requirements.
  • Review and update Department of Defense Information Technology Portfolio Repository - Department of the Navy (DITPR-DON) records, if one exists, for assigned system.

2. Collaboration and Communication:

  • Collaborate with system owners, developers and other stakeholders to integrate security into all phases of the system development lifecycle (SDLC).
  • Provide guidance and support to system owners on RMF requirements and best practices.
  • Communicate security risks and recommendations to management and other stakeholders effectively.

3. Continuous Improvement:

  • Stay abreast of emerging security threats and vulnerabilities.
  • Identify opportunities to improve RMF processes and documentation.

Qualifications

Required Education and Experience:

  • Bachelor's degree and five (5) or more years of experience
  • At least one of the following is required: CompTIA Security+, CompTIA Advanced Security Practitioner (CASP), or Certified Information System Security Professional (CISSP).
  • RMF and IV&V experience
  • Must be a US Citizen with an active Secret clearance and the ability to obtain a Top Secret
