Risk Management Framework; RMF Analyst

Position Summary

The candidate shall be responsible for analyzing Software applications and encryption technology product(s) being assessed or developed for the purpose of specifying and developing Risk Management Framework (RMF) documentation. These documents are required in order to submit products for an Authority To Operate (ATO) or for certifications, such as NIAP and CSfC.

The essential functions include, but are not limited to the following:

• Apply the NIST Special Publication 800-37 Rev 2 Risk Management Framework (RMF) process to information systems and applications currently being assessed or developed by our company for use in the U.S. Federal government, especially the Department of Defense (DoD).
• Formulate plans and schedules to conduct either portions or all of the RMF process on selected products.
• Conduct and guide the analysis needed to gather information needed to produce RMF artifacts.
• Provide recommendation on how RMF products can be used to prepare for other processes or certifications, such as NIAP and CSfC.
• Develop RMF documentation as required to prepare products and systems for submission to an ATO authority or a NIAP/CSfC laboratory.

• Experience conducting RMF process, per NIST SP 800-37 for in-development or existing programs or systems.
• Experience personally drafting RMF products.
• Detailed knowledge of NIST SP 800-53.
• Experience using Cyber-Security analysis tools.

• Experience undergoing the NIAP certification process to successful completion, or work experience conducting NIAP certification within a third party NIAP laboratory.
• Experience working within the CSfC program.
• Certifications in Information Systems security, such as CISSP.

• Salary is $80,000 - $125,000, based on experience and qualifications
• Benefits include health, dental, and vision insurance, short and long term disability, life insurance, 401K, Health Reimbursement Agreement (HRA), and 10 days paid leave, 7 sick days, and 11 Federal holidays.