Lead RMF Analyst

Position Description

Northrop Grumman is seeking a motivated professional to join our Team as a Lead Risk Management Framework (RMF) Analyst. This position is located in Quantico, VA. The Lead RMF Analyst will support the Senior Cyber Security Manager within DSS Cyber Network Defense (CND) unit.

Supports Risk Management Framework to identify, categorize, remediate, and mitigate vulnerabilities on DSS Information Systems. Performs the vulnerability management in accordance with DOD mandates. Identifies, reports, and mitigates the Information Systems within the DSS enclaves that are in non-compliance with DOD standards. The successful candidate will possess and apply a comprehensive knowledge across key tasks and high impact assignments. Plan and lead major technology assignments. Evaluate performance results and recommends major changes affecting program success.

Roles and Responsibilities:

  • Work with key stakeholders to confirm that the system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services
  • Works with the cybersecurity and operations team to develop and implement the detailed test plan and review findings from self-assessment to determine readiness for independent assessment
  • Maintain compliance to the standards set by the DISA Filed Security Operations Command Cyber Readiness Inspectors (CCRI) and Certification and Accreditation and all applicable DOD inspection programs
  • Conducts manual checks of the systems during independent testing and reports them in a plan of action and milestones (POAM) document
  • Updates the customers eMASS record for accreditation
  • Conducts in-depth analysis of IV&V and functional/operational test results for accuracy, compliance, and adherence to DoD and Federal cybersecurity technical and operational security requirements
  • Documents residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth and provides the cybersecurity risk analysis and mitigation determination results for the Test Report
  • Assists the Validator with producing the risk assessment artifacts describing residual risks identified during certification testing
  • Develops/maintains agency level cybersecurity policy and processes that implement DoD Cybersecurity program
  • Has knowledge of DISA STIGs/FDCC requirements, defense-in-depth, and other information security and assurance principles and associated supporting technologies
  • Communicates the security posture of systems up the chain of command so that accreditation decisions can be made based on a thorough understanding of the risks associated with the particular configuration of systems and networks
  • Identifies strategies for improving the assessment and authorization processes and procedures to meet increasingly tight timelines and budgets
  • Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort


Basic Qualifications:

  • 9 years' of Cyber Security experience (7 Years' with a Master's degree) with a Bachelor's degree in a technical specialty: cyber security, computer science, or similar field. May consider four (4) additional years of relevant experience in lieu of a degree.
  • At least 4 years of experience successfully managing a Vulnerability Management in a DoD environment
  • At least 5 years of relevant experience working with a combination of ACAS, SRG, CCRI, STIGs, IAVMs.
  • Experience with RMF
  • Experience with Cyber security policies, operations, and reporting requirements.
  • Experience with developing policies and procedures specific for the customer
  • Experience performing vulnerability audits and assessments.
  • IAT-I, II or III IA Baseline Certification (SEC , CISSP, etc.)
  • CND IA Auditor Baseline Certification: (CEH, CISA, GSNA)
  • Computing Environment or OS Certificate
  • Security CE certification
  • Must possess an active/current TS/SCI clearance.

Preferred Qualifications:

  • Expert knowledge of NIST publications and is able to work strategically on transition of DIACAP to RMF
  • CCNA certification
  • ITIL v3 certification
  • Experience with Accreditation package management in eMASS
  • Excellent oral and written communication skills

Northrop Grumman is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer, making decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected class. For our complete EEO/AA and Pay Transparency statement, please visit www.northropgrumman.com/EEO. U.S. Citizenship is required for most positions.

Meet Some of Northrop Grumman's Employees

Jacqueline T.

Electrical Engineer

Jacqueline operates on power electronics for Northrop Grumman’s space application projects. She meets with engineering groups, chats with customers, and works on circuit analysis.

Jonathan M.

Electronics Engineer

Jonathan works with avionics industry subject matter experts to come up with new feature developments before implementing those ideas in the Northrop Grumman laboratory.

Back to top