Talent.com
Risk Management Framework (RMF) Analyst – Top Secret Clearance | Norfolk, VA

Cambridge International Systems Inc • Norfolk, VA, US

Risk Management Framework (RMF) Analyst – Top Secret Clearance

Norfolk, VA
Cambridge International Systems, Inc.

Join a dynamic global team united by shared values: commitment, integrity, and perseverance.

At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security. We are currently seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS clearance. This position is contingent upon contract award with an expected award date of January 2026.

What You’ll Do

  • Design and maintain enterprise and systems security throughout the development lifecycle in alignment with DoD and DoN RMF guidance.
  • Conduct assessments of management, operational, and technical security controls to evaluate system compliance and risk posture.
  • Maintain and update RMF and A&A documentation across the OPTEVFOR Cyber OT&E mission, including revisions in eMASS and DADMS.
  • Create, validate, and revise cybersecurity SOPs, system security plans (SSPs), contingency plans, and privacy impact assessments.
  • Review and maintain inventories of authorized software, GFE, ports, protocols, and circuit registrations (GIAP / SNAP).
  • Execute annual RMF reviews and STIG validations on systems, identifying and recommending corrective actions for non-compliance.
  • Support configuration audits, vulnerability scans, POA&Ms, SARs, test plans, and documentation of RMF lifecycle artifacts.
  • Lead semi-annual tabletop exercises and review business impact analysis and disaster recovery plans for compliance.
  • Serve on the Configuration Control Board (CCB), ensuring approved changes are reflected in security documentation.
  • Provide technical reports on system scan results, cybersecurity compliance, and configuration management.
  • Advise stakeholders on risk management, ATO strategy, and secure architecture to meet mission requirements.

What You’ll Bring

Required Qualifications:

Education & Experience:

  • Minimum 5 years of experience designing enterprise / system security throughout the development lifecycle.
  • Minimum 3 years conducting assessments of security controls and authoring RMF documentation.
  • Minimum 3 years of experience supporting RMF certification and accreditation efforts for DoD / DON systems.
  • Familiarity with eMASS, DADMS, GIAP, STIGs, and the DoDI 8510 series.
  • Strong working knowledge of NIST SP 800-series, DoD cybersecurity policies, and A&A lifecycle artifacts.
  • Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance.
  • Proficient with modern IT tools and infrastructure technologies.

Preferred (Nice to Have):

  • Experience supporting OT&E environments, including cyber test toolset and infrastructure validation.
  • Knowledge of network architecture, PKI, firewall and encryption methods, and multilevel / cross-domain security solutions.
  • Ability to translate technical requirements into secure designs that meet mission and compliance objectives.
  • Knowledge of PII data security, program protection planning, and enterprise security architecture frameworks.
  • Proficiency in system hardening, vulnerability remediation, and documentation for RMF artifacts.
  • Experience conducting security audits, contingency plan tests, and cloud-based system evaluations.

Travel & Passport

  • Some overnight stays possible.

Work Environment

  • Compliance with vaccination and medical requirements for TDY / OCONUS roles as per Vaccine Recommendations by AOR | Health.mil.

Office setting:

  • Primarily an office-based role in Norfolk, VA
  • Standard desk / computer work with flexibility for walking and movement on site
  • Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday.
  • Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc.
  • May be required to travel short distances to offices / conference rooms and buildings on site.

Background & Security

  • Employment is contingent upon successful background investigation
  • Drug screening may be required for federal contract compliance

Benefits & Perks

We believe in investing in our team—both professionally and personally:

  • Medical, dental, vision, life, accident, and critical illness insurance
  • 401(k) immediate vesting and match
  • Paid time off and company holidays
  • Generous tuition & training support
  • Relocation assistance
  • Sign-on and performance-based bonuses
  • Employee referral program
  • Access to Tickets at Work, EAP, wellness initiatives, and more

Join Us

If you're driven by mission, technology, and teamwork—we want to hear from you.

Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome—both employees and non-employees may qualify for a bonus.

Apply today and help shape the future of secure cloud computing for national security.

About Cambridge International Systems

At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at www.cbridgeinc.com.