-
Risk Management Framework (RMF) Analyst - TS/SCI…
- Cambridge International Systems Inc (Norfolk, VA)
-
Risk Management Framework (RMF) Analyst – TS/SCI Clearance | Norfolk, VA
Cambridge International Systems, Inc.
Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security.
We are currently seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS/SCI clearance.
This position is contingent upon contract award with an expected award date of November 2025.
What You’ll Do
+ Create, review, update, and validate cybersecurity Standard Operations Procedures (SOPs) as required.
+ Review and maintain an inventory of authorized software (software custodian).
+ Review and maintain an inventory of government furnished devices and media.
+ Ensure configurations on laptops and servers are validated prior to being deployed (as required)
+ Audit and validate configurations of network devices based on STIGs, or defining and implementing compensating controls of such STIGs as required to ensure mission execution.
+ Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with the cyber OT&E mission assets to include required revisions and updates in eMASS.
+ Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems.
+ Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan).
+ Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS.
+ Maintain documentation and registration of network ports, protocols, and services.
+ Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
+ Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation.
+ As a member of the Configuration Control Board (CCB), ensure CCB approved changes are timely and accurately reflected in the A&A documentation.
+ Support compliance validation of current and future directives (e.g.: IAVs, STIGs, TASKORD/CTOs).
+ Provide recommendations for corrective action of any non-compliant security controls.
+ Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with eh DoD Instruction 8510 series, Risk Management Framework for DoD systems..
+ Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
+ Prepare reports on scanning results and configuration management observations monthly.
+ Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
+ Conduct and document a semi-annual tabletop exercise Twice in a calendar year.
+ Produce test plans, draft after actions and other documents for review and comment.
+ Review and/or revise Business Impact Analysis (BIA) to include business process, IT dependency, and physical security assessments annually.
+ Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems.
+ Assist with exercise and/or training and documentation of IT contingency plan and execution Able to work alone or in a small group to resolve tasks independently with minimal supervision.
+ Adhere to guidance outlined in RMF Process Guide https://portal.secnav.navy.mil/orgs/OPNAV/N2N6/DDCION/N2N6BC4/RMF/SitePages/Home.aspx
What You’ll Bring
Required Qualifications:
+ Education & Experience:
+ Minimum 5 years’ experience designing enterprise and systems security throughout the development lifecycle.
+ Minimum 3 years’ experience conducting thorough assessments of management, operational, and technical security controls within IT systems
+ Certifications:
+ Minimum 3 years’ experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON policies and guidance.
+ Eligible to obtain and keep active, a DoD TS/SCI security clearance.
+ Proficient with modern IT tools and infrastructure technologies
Preferred (Nice to Have):
+ Knowledge of the organization’s enterprise information security architecture system.
+ Ability to design and integrate security architectures and frameworks.
+ Skill in translating technology and environmental conditions (e.g., laws, regulations) into security designs and processes.
+ Knowledge of integrating organizational goals into security architecture.
+ Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth).
+ Skill in designing multi-level security and cross-domain solutions.
+ Knowledge of cybersecurity-enabled software products and how they fit into security designs.
+ Perform comprehensive assessments of management, operational, and technical security controls and enhancements.
+ Document and address information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition lifecycle.
+ Evaluate security architectures and designs to determine their adequacy.
+ Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements up to TS/SCI.
+ Define and document the impact of new systems or interfaces on the security posture of the environment.
+ Develop as needed, security compliance processes and/or audits for external services (e.g., cloud service providers).
+ Provide project management and subject matter expertise in the Cyber OT&E test infrastructure and toolset certification and accreditation efforts.
+ Employ secure configuration management processes and ensure systems and architectures align with cybersecurity guidelines.
+ Provide advice on project costs, design concepts, and design changes.
+ Skill in applying cybersecurity methods such as firewalls, demilitarized zones, and encryption.
+ Knowledge of IT architectural concepts, including baseline and target architectures.
+ Knowledge of key telecommunications concepts and principles.
+ Knowledge of network systems management principles and tools.
+ Knowledge of Cloud-based knowledge management technologies related to security and administration.
+ Skill in using PKI encryption and digital signatures.
+ Document and update architecture and related activities.
+ Translate proposed capabilities into technical requirements and security requirements into application design elements.
+ Provide input to the Risk Management Framework process and related documentation.
+ Knowledge of Personally Identifiable Information (PII) data security standards and program protection planning.
+ Knowledge of local specialized system requirements (e.g., critical infrastructure) and network security principles.
+ Ability to optimize systems to meet enterprise performance requirements.
+ Skill in using design methods and developing data management capabilities.
Travel & Passport
+ Some overnight stays possible.
Work Environment
+ Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil.
Office setting:
+ Primarily an office-based role in Norfolk, VA
+ Standard desk/computer work with flexibility for walking and movement on site
+ Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday.
+ Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc.
+ May be required to travel short distances to offices/conference rooms and buildings on site.
Background & Security
+ Employment is contingent upon successful background investigation
+ Drug screening may be required for federal contract compliance
Benefits & Perks
We believe in investing in our team—both professionally and personally:
+ Medical, dental, vision, life, accident, and critical illness insurance
+ 401(k) immediate vesting and match
+ Paid time off and company holidays
+ Generous tuition & training support
+ Relocation assistance
+ Sign-on and performance-based bonuses
+ Employee referral program
+ Access to Tickets at Work, EAP, wellness initiatives, and more
Join Us
If you're driven by mission, technology, and teamwork—we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome—both employees and non-employees may qualify for a bonus.
Apply today and help shape the future of secure cloud computing for national security.
About Cambridge International Systems
At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at www.cbridgeinc.com.
Powered by JazzHR
-
Recent Jobs
-
Risk Management Framework (RMF) Analyst - TS/SCI Clearance |
- Cambridge International Systems Inc (Norfolk, VA)
-
Sr Business, Gas Distribution Intern
- Xcel Energy (Lakewood, CO)
-
Accounting Technician 2
- Iowa Department of Administrative Services (Des Moines, IA)
-
Admin II (Law Experience with Accounting Experience)
- TXNM Energy (Albuquerque, NM)