Senior Zero Trust RMF Analyst (Onsite ONLY) with Security Clearance

---

Job description

Position Overview:
The Senior Zero Trust RMF Analyst plays a pivotal role in supporting the Department of Defense (DoD) cybersecurity programs through the implementation and management of Risk Management Framework (RMF) requirements with a focus on Zero Trust architecture. This position ensures that information systems are categorized, secured, and assessed in accordance with DoD regulations, directives, and the principles of Zero Trust. The Senior Analyst is responsible for conducting in-depth security assessments, coordinating security controls, and ensuring compliance with DoD cybersecurity policies and standards, including adherence to DoD 8140 IAM III requirements.
The Senior Zero Trust RMF Analyst will provide strategic support for system owners and stakeholders in designing, implementing, and sustaining a Zero Trust architecture that aligns with DoD mission objectives, RMF guidelines, and Zero Trust principles. The ideal candidate will have strong analytical skills, an in-depth understanding of cybersecurity policies, and demonstrated experience in system categorization, continuous monitoring, and the risk management of complex DoD information systems. Responsibilities: • Lead Zero Trust RMF Implementation: Implement Zero Trust principles in Risk Management Framework activities, including system categorization, security control selection, and continuous monitoring. • System Categorization: Conduct system categorization activities for DoD information systems in accordance with Zero Trust RMF guidelines. Work closely with system owners to understand the data flows, roles, and interactions that impact risk posture. • Security Control Assessment and Documentation: Evaluate security controls and develop System Security Plans (SSPs) and other RMF artifacts. Document system security postures and ensure that appropriate controls are in place to maintain confidentiality, integrity, and availability. • Continuous Monitoring and Reporting: Implement continuous monitoring strategies using Zero Trust principles to identify and mitigate risks in real time. Establish feedback mechanisms to dynamically adjust system categorization and security controls based on emerging threats. • Vulnerability Management: Ensure that systems are continuously assessed for vulnerabilities, particularly in the context of Zero Trust, which assumes adversaries may already be within the network. Coordinate remediation efforts in line with DoD and organizational policies. • Zero Trust Architecture Support: Collaborate with system architects, network engineers, and cybersecurity professionals to develop and integrate Zero Trust architecture across DoD information systems. Recommend security enhancements and ensure that security measures are continually adapted to evolving threats. • Stakeholder Engagement: Engage with DoD stakeholders, system owners, and leadership to provide briefings, reports, and strategic recommendations on RMF and Zero Trust implementation efforts. Facilitate discussions around cybersecurity strategies, risk acceptance, and security controls. • Policy and Compliance Oversight: Ensure compliance with all DoD cybersecurity policies, including DoD 8140/8570. Monitor changes in DoD cybersecurity regulations and adjust organizational policies and practices accordingly. • Incident Response and Remediation: Support incident response teams in managing and mitigating security incidents, ensuring that all vulnerabilities are properly remediated in accordance with Zero Trust principles. • Security Assessments and Audits: Conduct internal security audits and prepare systems for external security assessments. Validate compliance with RMF requirements through risk assessments, security control validation, and security testing. Minimum Qualifications: • Experience: 7+ years of experience in cybersecurity roles, including hands-on experience with RMF processes. Demonstrated experience implementing Zero Trust architecture within DoD or federal environments. Experience conducting security assessments and creating RMF documentation (e.g., SSPs, POA&Ms, risk assessments). Expertise in continuous monitoring, vulnerability management, and incident response within the Zero Trust framework. • Education: Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field (or equivalent experience). Master's degree is preferred but not required. • Certifications: Must meet DoD 8140/8570 IAM Level III requirements, which include one or more of the following certifications: Certified Information Systems Security Manager (CISSM) Certified Information Security Manager (CISM) Certified Chief Information Security Officer (CCISO) GIAC Security Leadership (GSLC) • Clearance: Active DoD Secret clearance is required; Top Secret is preferred. Preferred Skills: • Zero Trust Knowledge: Strong understanding of Zero Trust principles and their application in DoD cybersecurity strategies, including micro-segmentation, least privilege access, continuous monitoring, and secure access to resources. • RMF Expertise: Deep knowledge of the DoD RMF process, particularly in the categorization and security control implementation stages within a Zero Trust framework. • Technical Acumen: Familiarity with network security technologies, identity management solutions, and cloud security in Zero Trust environments. • Communication: Excellent verbal and written communication skills, with the ability to present complex cybersecurity concepts to both technical and non-technical stakeholders. • Problem Solving: Ability to think critically and provide strategic recommendations for enhancing security and reducing risks through effective Zero Trust and RMF integration. Salary: $165,000 - $175,000 + Benefits

<!– job description page –>