True Zero Technologies, LLC

RMF Analyst

full-time

Location Type: Remote

Location: United States

About the role

  • Assessment and Authorization (A&A): Guide systems through the six-step RMF process (NIST SP 800-37) to obtain and maintain an Authority to Operate (ATO).
  • Security Control Assessment: Evaluate technical controls using tools such as ACAS or SCAP and analyze STIG (Security Technical Implementation Guide) checklists.
  • Documentation: Create and maintain System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), and security assessment reports.
  • Risk Management: Identify, analyze, and mitigate security risks in coordination with system owners and stakeholders.
  • Compliance Monitoring: Conduct continuous monitoring to ensure ongoing compliance with Federal or DoD cybersecurity policies.
  • System Categorization: Define the system's boundary and assess the potential impact of a security breach on the organization's mission.
  • Security Control Selection: Identify and tailor the specific security controls that apply to the system.
  • Implementation & Assessment: Verify that security controls are properly implemented through audits, technical testing, and vulnerability scans.

Requirements

  • Bachelor's degree in Computer Science, Cybersecurity, or Information Systems is preferred.
  • Certifications are highly encouraged, such as:
      • CompTIA Security+
      • Certified Information Systems Security Professional (CISSP)
      • Certified in Governance, Risk, and Compliance (CGRC)
  • Proficiency with RMF management tools like **eMASS**, **XACTA**, or **STIG Viewer**, and vulnerability scanners like **ACAS** or **Nessus** is highly preferred.
  • Holding and maintaining a clearance may be required.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • Risk Management Framework (RMF)
  • Security Control Assessment
  • Technical Control Evaluation
  • Vulnerability Scanning
  • Security Control Selection
  • System Security Plans (SSPs)
  • Plan of Actions and Milestones (POA&Ms)
  • Continuous Monitoring
  • System Categorization
  • Security Technical Implementation Guides (STIG)

Soft Skills

  • Risk Analysis
  • Stakeholder Coordination
  • Documentation Skills
  • Analytical Skills
  • Problem Solving

Certifications

  • CompTIA Security+
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Governance, Risk, and Compliance (CGRC)