RMF Analyst II

Summary

RMF Analyst II

Huntsville, AL

Are you ready to enhance your skills and build your career in a rapidly evolving business climate? Are you looking for a career where professional development is embedded in your employer’s core culture? If so, Chenega Military, Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support large-scale government operations by leveraging cutting-edge technology and take your career to the next level!

Chronos Operations, LLC is seeking an experienced RMF Analyst II to provide oversight and resources needed to execute the contract requirements for the Army Materiel Command (AMC), Chief Information Office (CIO) across a wide range of cybersecurity tasks. The RMF Analyst II conducts mid‑level RMF analysis, System Security Plan development, and A&A coordination.

• Assist RMF practitioner managing ATO packages, continuous monitoring plans, and eMASS documentation.
• Deep understanding of cybersecurity frameworks, documentation, and technical validation processes, working closely with stakeholders and control assessors to ensure security and compliance.
• Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information.
• Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies.
• Ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure.
• Track timely and high‑quality completion of process tasks and milestones, and report on the status of key milestones to performers and senior stakeholders.
• Oversee the cybersecurity lifecycle from inception to completion.
• Develop, review, and update documentation to ensure compliance with RMF and Continuous Monitoring requirements.
• Evaluate and validate technical processes related to ATO (Authority to Operate) requirements, ensuring alignment with cybersecurity standards.
• Maintain and update system security documentation (SSPs, POA&Ms, etc.).
• Conduct Security Tests & Evaluations (ST&E) and risk assessments.
• Provide direct support to Control Assessors, assisting in the preparation and review of authorization information and documentation for RMF and Continuous Monitoring.
• Assist with eMASS package completion and maintenance, including artifacts, self‑assessments, and asset management.
• Review project schedules, requirements, and risk assessments, offering recommendations to program stakeholders to enhance security posture.
• Assist with the security plans, as well as assessment reports, plans of action and milestones for remediation. Defines criticality or sensitivity of systems, performs categorization calculations, and recommends corrective action.
• Recommends baseline security controls, assesses changes in controls, and coordinates changes to security authorizations.
• Conducts evaluations to verify that design and implementation meet requirements.
• Assists with the preparation of test plans and conducts security control testing IAW with NIST SP800-53.
• Other duties as assigned.

• Bachelor's degree in Science, Technology, Engineering, Mathematics, IT, or business-related programs
• 2+ years of experience in Cybersecurity compliance/Risk Management Framework
• 2+ years of experience with RMF (NIST 800-53), ATO packages, POA&Ms development, system categorization is required
  • 2+ years’ experience supporting DoD or federal programs highly desirable
• Cybersecurity certifications like CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager), or CGRC (Certified in Governance, Risk and Compliance) to obtain within 90 days of start date.
• Must have an active Secret clearance with the ability to obtain TS with SCI eligibility.

• Experience with eMASS and/or Xacta is required (preferably eMASS)
• Experience with cloud platforms like Amazon Web Services (AWS), Microsoft Azure, etc., and migrating customers/projects to the cloud
• Experience working in a Unix/Linux environment
• Experience working in cloud infrastructures
• Must have high…