Risk Management Framework Analyst

Risk Management Framework Analyst Amentum - 3.8 Norfolk, VA Job Details Full-time $125,000 - $140,000 a year 8 hours ago Benefits Employee stock purchase plan Paid holidays Disability insurance Health insurance Dental insurance Tuition reimbursement Paid time off Parental leave Vision insurance 401(k) matching Life insurance Pet insurance Qualifications Security Authorization Vulnerability assessment tools Information security compliance Bachelor's degree System risk assessment (security system operation) DoD 8570 Vulnerability scanning RMF Full Job Description The RMF Analyst shall be responsible for providing cybersecurity expertise and RMF lifecycle management in support of

NIWDC IWTTF

systems. The analyst shall ensure all systems achieve and maintain compliance with Department of War (DoW) policies, enterprise objectives, and established governance processes. The analyst will manage system security posture from categorization to continuous monitoring, ensuring risks are properly mitigated and documented.

Responsibilities include:

Lead the execution of all steps of the RMF process, including system categorization, security control selection, implementation, assessment, authorization, and continuous monitoring. Develop, review, and maintain comprehensive RMF documentation, including the System Security Plan (SSP), Security Assessment Report (SAR), and Plans of Action and Milestones (POA&Ms). Translate assessment outcomes into actionable product artifacts, including risk assessments, vulnerability reports, and recommendations for inclusion in the system's POAM. Coordinate with development teams, system owners, and enterprise stakeholders to validate security control implementation, assess integration impacts, and ensure alignment with established architecture and configuration governance processes. Prepare and deliver executive-level summaries and system security status briefings, capturing prioritized risks, compliance status, and strategic decisions impacting the system's authority to operate (ATO).

Minimum Experience and Requirements:

5 years experience in cybersecurity, with a focus on Assessment & Authorization (A&A) and RMF. Experience creating and managing RMF documentation and utilizing tools such as eMASS. Experience conducting security control assessments and analyzing results from vulnerability scanning tools. Bachelor's degree in Cybersecurity, Information Technology, or a related field. DoD 8570/8140 IAT/IAM Level II certification (e.g., CompTIA Security+, CySA+). Must have an Active Top Secret/SCI US Government Clearance.

Note:

US Citizenship is required to obtain Top Secret/SCI Clearance.

Desired Experience/Qualifications :

Certified Information Systems Security Professional (CISSP) or Certified in Governance, Risk and Compliance (CGRC). Strong written and verbal communication skills, including preparation of reports, briefings, and documentation for Government stakeholders.

Compensation Details:

US:

$125,000 to $140,000 The compensation range or hourly rate listed for this position is provided as a good-faith estimate of what the company intends to offer for this role at the time this posting was issued. Actual compensation may vary based on factors such as job responsibilities, education, experience, skills, internal equity, market data, applicable collective bargaining agreements, and relevant laws.

Benefits Overview:

Our health and welfare benefits are designed to support you and your priorities.

Offerings include:

Health, dental, and vision insurance Paid time off and holidays Retirement benefits (including 401(k) matching) Educational reimbursement Parental leave Employee stock purchase plan Tax-saving options Disability and life insurance Pet insurance

Note:

Benefits may vary based on employment type, location, and applicable agreements. Positions governed by a Collective Bargaining Agreement (CBA), the McNamara-O'Hara Service Contract Act (SCA), or other employment contracts may include different provisions/benefits.

Original Posting:

05/15/2026 - Until Filled Amentum anticipates this job requisition will remain open for at least three days, with a closing date no earlier than three days after the original posting. This timeline may change based on business needs. Amentum is proud to be an Equal Opportunity Employer. Our hiring practices provide equal opportunity for employment without regard to race, sex, sexual orientation, pregnancy (including pregnancy, childbirth, breastfeeding, or medical conditions related to pregnancy, childbirth, or breastfeeding), age, ancestry, United States military or veteran status, color, religion, creed, marital or domestic partner status, medical condition, genetic information, national origin, citizenship status, low-income status, or mental or physical disability so long as the essential functions of the job can be performed with or without reasonable accommodation, or any other protected category under federal, state, or local law. Learn more about your rights under Federal laws and supplemental language at Labor Laws Posters.