
Cybersecurity RMF Analyst
Posted Jul 2

Posted Jul 2
This is a fully remote position, open to applicants in South Carolina.
• Evaluate the cybersecurity standards and practices of cloud-based systems in relation to FedRAMP, DoW, and DHA requirements.
• Document cybersecurity posture to support the RMF process.
• Facilitate the progression of multiple information systems through the RMF process and uphold accreditations via continuous monitoring and annual evaluations.
• Offer solutions to complex issues that necessitate frequent application of expertise and creativity.
• Act as a Subject Matter Expert (SME) on one or more technologies or skills pertaining to A&A activities and documentation.
• Engage in sessions focused on identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies.
• Stay informed about evolving security and risk management standards and communicate relevant changes to existing processes.
• Create, update, and/or review RMF documentation, including IV&V results, Risk Assessment Reports, and POA&M development.
• Generate, update, and/or review cybersecurity documentation for cloud-native services from providers such as Microsoft, Amazon, Oracle, and Google.
• Evaluate system compliance against NIST, DoW, and DHA security requirements, including the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
• Provide necessary evidence to support compliance status for NIST and DoW.
• Examine and assess authorization boundary diagrams, service architecture diagrams, data flow diagrams, and hardware and software inventories.
• Analyze vulnerability scans of information systems.
• Bachelor’s Degree with ten (10) years of experience in Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience in Cybersecurity / Information Technology in lieu of a degree.
• Active DoW Secret security clearance.
• DoW 8570-compliant certification.
• Proven experience in assessing, managing, engineering, or architecting cloud technologies from major vendors like Microsoft, Amazon, or Google.
• A cloud-related certification such as Google Certified Professional Cloud Architect, Microsoft Azure Fundamentals, AWS Certified SysOps Administrator, or ServiceNow Certified Administrator.
• Proficient in Risk Management Framework.
• Experience with RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes.
• Experience working within DoW.
• Experience assessing systems in accordance with NIST 800-53 and/or DISA STIGs and SRGs.
• KBR provides a range of competitive lifestyle benefits, which may include a 401K plan with company match.
• Medical, dental, vision, life insurance, AD&D, flexible spending account, and disability coverage.
• Paid time off.
• Flexible work schedule.
• Support for career advancement through professional training and development.
CrowdStrike
Davis Wright Tremaine LLP
American Residential Services
Get handpicked remote jobs straight to your inbox weekly.