RMC - Resource Management Concepts Inc.
Risk Management Framework (RMF) Analyst
RMC - Resource Management Concepts Inc., Charleston, South Carolina, United States, 29408
Description
Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America. RMC is hiring a
Risk Management Framework (RMF) Analyst (Package Owner) . The RMF Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services (DC2HS). This position requires hands-on experience with Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts necessary for authorization in accordance with the Department of the Navy (DoN) RMF Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements, and other applicable agency policies. The RMF Analyst will collaborate with system owners, developers, and security personnel to identify, assess, and mitigate risks throughout the system lifecycle. A strong working knowledge of the Navy’s RMF process and tools such as eMASSter and RAFT is essential. Responsibilities
Develop and maintain RMF documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). Determine applicable security controls in alignment with NIST 800-53 and other guidance. Test and monitor security controls to ensure effectiveness. Review and assess technical test results (e.g., ACAS scans, SCAP scans, EvaluateSTIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings. Conduct periodic security reviews and audits to maintain compliance. Update Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON) records, if applicable. Work closely with system owners, developers, and stakeholders to integrate security across the system development lifecycle (SDLC). Provide RMF guidance and best practices to system owners. Clearly communicate security risks, findings, and recommendations to leadership and stakeholders. Stay current with evolving threats, vulnerabilities, and compliance requirements. Recommend improvements to RMF documentation, processes, and reporting. Requirements
Bachelor’s degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience. 5+ years of relevant experience with a Bachelor’s degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A). Demonstrated working knowledge of the Risk Management Framework (RMF). Experience with eMASS, ACAS, and related Information Assurance tools. Familiarity with ATO requirements, security policies, and compliance documentation. Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control. Security Clearance:
An Interim DoD Secret clearance is required to start. Required Certifications Must be certified at Information Assurance Technical (IAT) Level II or higher and meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements. At least one (1) of the following is required: CompTIA Security+ CompTIA Advanced Security Practitioner (CASP) Certified Information Systems Security Professional (CISSP) At least one (1) of the following is required: IEEE CS Software Development Associate Engineer Certification Microsoft role-based certifications (e.g., MCAD, MCDBA) Red Hat Certification Program (RHCP) Cisco Certified Network Associate (CCNA) Oracle Certified Associate (relevant technology) VMware Certified Technical Associate – Data Center Virtualization Citrix Certified Administrator Cloud certifications (e.g., AWS Architect, Developer, SysOps Associate) Benefits
At RMC, we are committed to your career growth. We invest in our employees through training, certification, education, and development. We offer a small-company feel, tuition assistance, certifications, 11 paid federal holidays, high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package. Salary at RMC is determined by location, education, knowledge, skills, competencies, experience, and contract requirements. The current salary range for this position is $75,000 to $105,000 (annually). Equal employment opportunity, including veterans and individuals with disabilities. PI278660209
#J-18808-Ljbffr
Resource Management Concepts, Inc. (RMC) provides high-quality, professional services to government and commercial sectors. Our mission is to deliver exceptional management and technology solutions supporting the protection and preservation of the people and environment of the United States of America. RMC is hiring a
Risk Management Framework (RMF) Analyst (Package Owner) . The RMF Analyst plays a critical role in obtaining and maintaining authorization of core infrastructure systems managed by Data Center and Cloud Hosting Services (DC2HS). This position requires hands-on experience with Enterprise Mission Assurance Support Services (eMASS) to capture information and artifacts necessary for authorization in accordance with the Department of the Navy (DoN) RMF Process Guide, Navy Security Control Assessor Risk Assessment Guide, CYBERSAFE requirements, and other applicable agency policies. The RMF Analyst will collaborate with system owners, developers, and security personnel to identify, assess, and mitigate risks throughout the system lifecycle. A strong working knowledge of the Navy’s RMF process and tools such as eMASSter and RAFT is essential. Responsibilities
Develop and maintain RMF documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms). Determine applicable security controls in alignment with NIST 800-53 and other guidance. Test and monitor security controls to ensure effectiveness. Review and assess technical test results (e.g., ACAS scans, SCAP scans, EvaluateSTIG results, STIG checklists) and work with engineers/cybersecurity teams to resolve findings. Conduct periodic security reviews and audits to maintain compliance. Update Department of Defense Information Technology Portfolio Repository – Department of the Navy (DITPR-DON) records, if applicable. Work closely with system owners, developers, and stakeholders to integrate security across the system development lifecycle (SDLC). Provide RMF guidance and best practices to system owners. Clearly communicate security risks, findings, and recommendations to leadership and stakeholders. Stay current with evolving threats, vulnerabilities, and compliance requirements. Recommend improvements to RMF documentation, processes, and reporting. Requirements
Bachelor’s degree in a technical or managerial discipline OR High School Diploma/GED with equivalent experience. 5+ years of relevant experience with a Bachelor’s degree OR 7+ years with a HS Diploma/GED in Cybersecurity, Engineering, Test & Evaluation (T&E), or Assessment & Authorization (A&A)/Certification & Accreditation (C&A). Demonstrated working knowledge of the Risk Management Framework (RMF). Experience with eMASS, ACAS, and related Information Assurance tools. Familiarity with ATO requirements, security policies, and compliance documentation. Ability to evaluate security solutions, supervise/maintain operational security posture, and ensure compliance with change management/configuration control. Security Clearance:
An Interim DoD Secret clearance is required to start. Required Certifications Must be certified at Information Assurance Technical (IAT) Level II or higher and meet the latest DoD 8570.1M / DoD 8140 cybersecurity workforce training and certification requirements. At least one (1) of the following is required: CompTIA Security+ CompTIA Advanced Security Practitioner (CASP) Certified Information Systems Security Professional (CISSP) At least one (1) of the following is required: IEEE CS Software Development Associate Engineer Certification Microsoft role-based certifications (e.g., MCAD, MCDBA) Red Hat Certification Program (RHCP) Cisco Certified Network Associate (CCNA) Oracle Certified Associate (relevant technology) VMware Certified Technical Associate – Data Center Virtualization Citrix Certified Administrator Cloud certifications (e.g., AWS Architect, Developer, SysOps Associate) Benefits
At RMC, we are committed to your career growth. We invest in our employees through training, certification, education, and development. We offer a small-company feel, tuition assistance, certifications, 11 paid federal holidays, high-quality, low-deductible healthcare plans, pet insurance, and a competitive 401K package. Salary at RMC is determined by location, education, knowledge, skills, competencies, experience, and contract requirements. The current salary range for this position is $75,000 to $105,000 (annually). Equal employment opportunity, including veterans and individuals with disabilities. PI278660209
#J-18808-Ljbffr