Risk Management Framework (RMF) Analyst – Top Secret Clearance | Norfolk, VA

Risk Management Framework (RMF) Analyst – Top Secret Clearance | Norfolk, VA 

Cambridge International Systems, Inc. 

Join a dynamic global team united by shared values: commitment, integrity, and perseverance. At Cambridge, you’ll work alongside top talent worldwide, tackling some of today’s most complex and critical challenges in defense and security. 

We are currently seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk, VA. This is a full-time position requiring an active DoD TS clearance. 

This position is contingent upon contract award with an expected award date of January 2026. 

What You’ll Do 

• ​​​​​​​Design and maintain enterprise and systems security throughout the development lifecycle in alignment with DoD and DoN RMF guidance.
• Conduct assessments of management, operational, and technical security controls to evaluate system compliance and risk posture
• Maintain and update RMF and A&A documentation across the OPTEVFOR Cyber OT&E mission, including revisions in eMASS and DADMS.
• Create, validate, and revise cybersecurity SOPs, system security plans (SSPs), contingency plans, and privacy impact assessments.
• Review and maintain inventories of authorized software, GFE, ports, protocols, and circuit registrations (GIAP/SNAP).
• Execute annual RMF reviews and STIG validations on systems, identifying and recommending corrective actions for non-compliance.
• Support configuration audits, vulnerability scans, POA&Ms, SARs, test plans, and documentation of RMF lifecycle artifacts.
• Lead semi-annual tabletop exercises and review business impact analysis and disaster recovery plans for compliance.
• Serve on the Configuration Control Board (CCB), ensuring approved changes are reflected in security documentation.
• Provide technical reports on system scan results, cybersecurity compliance, and configuration management.
• Advise stakeholders on risk management, ATO strategy, and secure architecture to meet mission requirements.

What You’ll Bring 

Required Qualifications: 

Education & Experience:  

• Minimum 5 years of experience designing enterprise/system security throughout the development lifecycle.
• Minimum 3 years conducting assessments of security controls and authoring RMF documentation.
• Minimum 3 years of experience supporting RMF certification and accreditation efforts for DoD/DON systems.
• Familiarity with eMASS, DADMS, GIAP, STIGs, and the DoDI 8510 series.
• Strong working knowledge of NIST SP 800-series, DoD cybersecurity policies, and A&A lifecycle artifacts.
• Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance.
• Proficient with modern IT tools and infrastructure technologies 

  Preferred (Nice to Have): 

• Experience supporting OT&E environments, including cyber test toolset and infrastructure validation.
• Knowledge of network architecture, PKI, firewall and encryption methods, and multilevel/cross-domain security solutions.
• Ability to translate technical requirements into secure designs that meet mission and compliance objectives.
• Knowledge of PII data security, program protection planning, and enterprise security architecture frameworks.
• Proficiency in system hardening, vulnerability remediation, and documentation for RMF artifacts.
• Experience conducting security audits, contingency plan tests, and cloud-based system evaluations.

Travel & Passport 

• Some overnight stays possible.  

Work Environment 

• Compliance with vaccination and medical requirements for TDY/OCONUS roles as per Vaccine Recommendations by AOR | Health.mil. 

Office setting: 

• Primarily an office-based role in Norfolk, VA

• Standard desk/computer work with flexibility for walking and movement on site 

• Must be able to work in an office environment, sitting at a desk, looking at a computer for most of the workday. 

• Work is physically comfortable; the employee has discretion about sitting, walking, standing, etc. 

• May be required to travel short distances to offices/conference rooms and buildings on site.   

Background & Security 

• Employment is contingent upon successful background investigation 

• Drug screening may be required for federal contract compliance 

Benefits & Perks 

We believe in investing in our team—both professionally and personally: 

• Medical, dental, vision, life, accident, and critical illness insurance 

• 401(k) immediate vesting and match 

• Paid time off and company holidays 

• Generous tuition & training support 

• Relocation assistance 

• Sign-on and performance-based bonuses 

• Employee referral program 

• Access to Tickets at Work, EAP, wellness initiatives, and more 

Join Us 

If you're driven by mission, technology, and teamwork—we want to hear from you. Cambridge is growing, and this position is just one of many opportunities on our global team. Know someone perfect for the role? Referrals are welcome—both employees and non-employees may qualify for a bonus. 

Apply today and help shape the future of secure cloud computing for national security. 

About Cambridge International Systems 

At Cambridge, innovation grows through diversity. We are proud to be an equal opportunity employer, committed to creating an inclusive and supportive work environment for all. Learn more at www.cbridgeinc.com.  

Powered by JazzHR