Geospatial And Cloud Analytics Inc
Risk Management Framework RMF Analyst
Geospatial And Cloud Analytics Inc, Norfolk, Virginia, United States, 23500
The RMF Analyst supports OPTEVFOR Cyber Operational Test & Evaluation (OT&E) missions by applying enterprise- and system-level security architecture expertise across the system development lifecycle. The role ensures alignment with evolving laws, regulations, and DoD and Department of the Navy (DoN) cybersecurity policies, and contributes to Risk Management Framework (RMF) activities across all lifecycle phases.
The Security Architect translates complex technical, operational, and environmental requirements into effective security architectures; supports system categorization, policy documentation, security control selection and implementation; and conducts comprehensive assessments of management, operational, and technical security controls to evaluate effectiveness. The position also provides project management and subject matter expertise to guide certification and accreditation (A&A) activities for Cyber OT&E test infrastructure and toolsets, working closely with internal stakeholders and external oversight organizations to ensure timely and compliant system authorizations.
Security Clearance Requirement
Eligibility for Top Secret / Sensitive Compartmented Information (TS/SCI).
Qualifications
Minimum of five (5) years of experience designing and integrating enterprise and system security architectures across the development lifecycle
Minimum of three (3) years of experience conducting RMF-related assessments of management, operational, and technical security controls within DoD IT systems
Minimum of three (3) years of experience providing project management, subject matter expertise, and hands-on support for system certification and accreditation efforts in accordance with DoD/DoN cybersecurity policies and RMF guidance
Key Responsibilities
Security Architecture and RMF Support
Apply enterprise and system-level security architecture principles to support OPTEVFOR Cyber OT&E missions
Support RMF activities across all steps, including system categorization, control selection, control implementation, assessment, authorization, and continuous monitoring
Provide RMF support consistent with the RMF Process Guide (RPG) for the Information Systems Security Engineer (ISSE) role
Evaluate security architectures and designs to determine adequacy and alignment with mission and enterprise objectives
Define and document the impact of new systems, interfaces, or changes on overall security posture
Documentation, Compliance, and Governance
Create, review, update, and validate cybersecurity Standard Operating Procedures (SOPs)
Maintain inventories of authorized software, Government Furnished Equipment (GFE), and removable media
Maintain and update all RMF and A&A documentation to ensure accuracy, relevance, and alignment with OPTEVFOR Cyber OT&E assets, including required updates in eMASS
Ensure traceability across all RMF artifacts, including:
A&A Plans
Plans of Action and Milestones (POA&Ms)
Security Assessment Reports (SARs)
Network topologies
Software inventories
Ports, protocols, and services
Test plans
Maintain system and network documentation in DoD IT Portfolio Repository–DoN (DITPR-DON) / DADMS
Maintain documentation and registration of network ports, protocols, services, and circuits, including GIAP and SNAP
Track and report weekly status of all outstanding A&A actions and supporting documentation
As a member of the Configuration Control Board (CCB), ensure approved changes are accurately and promptly reflected in A&A documentation
Assessment, Validation, and Hardening
Conduct comprehensive annual RMF package reviews to ensure continued compliance of Cyber OT&E toolsets, networks, and systems
Execute DISA STIG validations in conjunction with RMF/A&A reviews in accordance with the DoDI 8510 series
Audit and validate system and network configurations against STIGs; define and implement compensating controls when required to support mission execution
Support compliance validation for current and emerging directives (e.g., IAVs, STIGs, TASKORDs, CTOs)
Provide recommendations for corrective actions to remediate non-compliant security controls
Prepare and maintain vulnerability scan results, system security assessments, and configuration management findings to inform authorization decisions
Document assessment activities and results in sufficient detail to support independent external review
Testing, Exercises, and Continuity Planning
Develop or contribute to security test plans and supporting documentation to verify security control implementation and inform ongoing risk determinations
Conduct and document semi-annual tabletop exercises (twice per calendar year)
Review and analyze IT contingency and disaster recovery plans for compliance with NIST and DoN requirements
Develop system-specific contingency planning checklists and support contingency plan exercises and training
Work independently or in small teams to resolve tasks with minimal supervision
DCWF Knowledge, Skills, Abilities, and Tasks (KSATs)
Knowledge
Enterprise information security architecture and IT architectural concepts (baseline and target architectures)
Network security architecture principles, protocols, components, and defense-in-depth strategies
Cybersecurity-enabled software products and secure configuration management practices
RMF processes, documentation, and compliance requirements
PII protection standards, program protection planning, and applicable security/privacy regulations
Telecommunications concepts, network management principles, and cloud-based security technologies
Specialized system requirements, including those supporting critical infrastructure
Skills & Abilities
Design and integrate security architectures and frameworks, including multilevel and cross-domain solutions up to TS/SCI
Translate laws, regulations, and environmental conditions into effective security designs and processes
Perform comprehensive assessments of management, operational, and technical security controls
Develop and maintain security compliance processes and audits, including for external services (e.g., cloud providers)
Apply cybersecurity methods such as firewalls, DMZs, encryption, PKI, and digital signatures
Optimize systems to meet enterprise performance and security requirements
Provide project management and subject matter expertise for Cyber OT&E certification and accreditation efforts
Document and update security architectures and related artifacts
Translate mission capabilities into technical and security requirements and application design elements
Provide cost, design, and change-impact advice to program and technical leadership