Risk Management Framework (RMF) Analyst
ASRC Federal.com
90k - 97k USD/year
Office
Alexandria, VA, 22311, US
Full Time
ASRC Federal is a leading government contractor furthering missions in space, public health and defense. As an Alaska Native owned corporation, our work helps secure an enduring future for our shareholders. Join our team and discover why we are a top veteran employer and Certified Great Place to Work™.
ASRC Federal is seeking a qualified Risk Management Framework (RMF) Analyst to support a DoDEA client headquartered in Alexandria, VA. Onsite work is required, but some telework is possible upon government authorization.
Summary:
The RMF Analyst will support the Department of Defense Education Activity (DoDEA) Office of the Chief Information Officer by delivering comprehensive Risk Management Framework (RMF) Assessment and Authorization (A&A) support. This position focuses on the assessment and documentation of information systems to ensure compliance with federal and DoDEA cybersecurity policies, with the ultimate goal of supporting the granting of Authority to Operate (ATO). The analyst will assist with implementation of security controls, ongoing system monitoring, and documentation within eMASS. This is a Journeyman-level role that supports senior cybersecurity personnel and integrates into DoDEA's enterprise security team.
Key Responsibilities:
· Conduct annual Assessment and Authorization (A&A) package reviews for completeness and accuracy, including System Security Plans, Privacy Threshold Assessments, Contingency Plans, and other artifacts.
· Review and revise A&A documentation in eMASS to ensure consistency, accuracy, and compliance with DoD and DoDEA standards.
· Implement and maintain continuous monitoring strategies, including documentation of security control effectiveness.
· Create Security Assessment Plans (SAP), Rules of Engagement (ROE), and Security Assessment Reports (SAR).
· Perform security control assessments using eMASS and generate supporting deliverables, such as Security Categorization Reviews and implementation validation.
· Support the development and sustainment of Memoranda of Agreement (MOA) and Memoranda of Understanding (MOU) focused on shared/inherited security controls.
· Prepare monthly reports outlining the status and metrics of A&A documentation and provide recommendations for improvements to the A&A process.
· Assist in implementing security controls as per DoDEA’s System Security Plans, ensuring alignment with mandatory configuration and federal policies.
· Identify non-compliant security controls and develop Plan of Action & Milestones (POA&Ms), including tracking milestones in eMASS.
· Develop strategies for the continuous monitoring of security controls and system/environment changes.
Required Qualifications:
· U.S. Citizenship.
· Active SECRET security clearance.
· Bachelor's degree required, and 2 years related experience minimum.
· Tier 3 background investigation clearance (NACLC).
· Minimum IAT Level II or III certification (in accordance with DoDD 8140.01).
· Experience supporting RMF and cybersecurity compliance within DoD environments.
· Familiarity with eMASS, DISA STIGs, and other DoD cybersecurity tools.
· Strong organizational, documentation, and technical writing skills.
Clearance Requirement:
Active SECRET security clearance required. Must be a U.S. Citizen and meet DoD ADP Level II requirements.
We invest in the lives of our employees, both in and out of the workplace, by providing competitive pay and benefits packages. Benefits offered may include health care, dental, vision, life insurance; 401(k); education assistance; paid time off including PTO, holidays, and any other paid leave required by law.
EEO Statement
ASRC Federal and its Subsidiaries are Equal Opportunity employers. All qualified applicants will receive consideration for employment without regard to race, gender, color, age, sexual orientation, gender identification, national origin, religion, marital status, ancestry, citizenship, disability, protected veteran status, or any other factor prohibited by applicable law.
September 19, 2025