
Risk Management Framework; RMF Analyst

Job in Norfolk, Virginia, 23500, USA
Listing for: Dutch Ridge Consulting Group (DRCG), LLC
Full Time position
Listed on 2026-02-24
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Position: Risk Management Framework (RMF) Analyst

Company Overview

Dutch Ridge Consulting Group, LLC (DRCG), a United States (US) Small Business Administration (SBA) Certified Service-Disabled Veteran-Owned Small Business (SDVOSB) and ISO 9001:2015 Certified Company, was established in 2016. DRCG is 100% US owned, has over 50 employees, and provides high-quality support staff at ten client locations throughout the US, with corporate offices in Ashburn, VA and Beaver, PA. DRCG delivers expertise in Cybersecurity Engineering and Operations; Cyber Threat Intelligence; Insider Threat Prevention and Detection; Information Technology Solutioning; Systems Integration; Program Management; Policy, Planning, Communications, and Compliance Support; Workflow Solutioning; Risk Management; Business Process Reengineering; and Professional Business Consulting Services. DRCG's technical approach optimizes client investments by leveraging expertise in managing growth and transformation of existing IT environments.

Contingent Upon Contract Award

Support cyber OT&E mission

Support cyber OT&E mission by applying expertise in enterprise and system-level security design throughout the development lifecycle, ensuring alignment with evolving laws, regulations, and DoD and DON cybersecurity policies. Responsibilities include translating complex technical and environmental requirements into effective security architectures and contributing to RMF efforts across all steps. Assist in system categorization, policy documentation, control selection, and control implementation, and perform comprehensive assessments of management, operational, and technical security controls to evaluate their effectiveness.

Additional duties include RMF support outlined in the RMF Process Guide (RPG) for the ISSE role. Provide project management and subject matter expertise to guide certification and accreditation activities for OT&E test infrastructure and toolsets, working closely with internal stakeholders and external oversight organizations to ensure timely and compliant system approvals.

Duties And Responsibilities
  • Create, review, update, and validate cybersecurity Standard Operations Procedures (SOPs) as required.
  • Review and maintain an inventory of authorized software (software custodian).
  • Review and maintain an inventory of government furnished devices and media.
  • Ensure configurations on laptops and servers are validated prior to being deployed (as required).
  • Audit and validate configurations of network devices based on STIGs, or define and implement compensating controls for such STIGs as required to ensure mission execution.
  • Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with OPTEVFOR cyber OT&E mission assets to include required revisions and updates in eMASS.
  • Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems.
  • Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan).
  • Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS.
  • Maintain documentation and registration of network ports, protocols, and services.
  • Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
  • Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation.
  • As a member of the Configuration Control Board (CCB), ensure CCB-approved changes are reflected in the A&A documentation in a timely and accurate manner.
  • Support compliance validation of current and future directives (e.g., IAVs, STIGs, TASKORD/CTOs).
  • Provide recommendations for corrective action of any non-compliant security controls.
  • Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with DoD Instruction 8510 series, Risk Management Framework for DoD systems.
  • Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
  • Prepare and maintain documentation, vulnerability scan results, system security assessments, and configuration management findings to support RMF compliance and inform system authorization decisions.
  • Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
  • Conduct and document a semi-annual tabletop exercise twice in a calendar year.
  • Develop or contribute to security test plans and supporting documentation that verify the implementation of assigned security controls and inform ongoing risk determinations.
  • Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems.
  • Assist with exercise and/or training and documentation of IT contingency plan and…