Cybersecurity RMF Analyst

Cybersecurity RMF Analyst

Your Impact

Enable Skyward Federal’s mission by guiding systems through the Risk Management Framework (RMF) and maintaining secure authorization packages for mission-critical technologies. Your work ensures Skyward platforms meet DoD cybersecurity requirements and obtain and sustain Authority to Operate (ATO) across complex classified and multi-domain environments. This role requires an active Top Secret security clearance.

Where You'll Take Charge

• RMF Authorization & ATO Lifecycle: Lead systems through the RMF lifecycle, supporting authorization, continuous monitoring, and ongoing compliance activities for DoD systems
• Security Control Implementation: Interpret and implement security requirements across NIST 800-53, ICD 503, and JSIG frameworks within real system architectures
• Body of Evidence & Traceability: Develop and maintain RMF artifacts and ensure traceability between system components, security controls, and supporting evidence
• Cybersecurity Collaboration: Partner closely with engineering, platform, and product teams to ensure system architectures and deployments align with required security controls

Primary Responsibilities

• Guide systems through the RMF lifecycle including categorization, control implementation, assessment support, authorization, and continuous monitoring
• Develop and maintain RMF documentation including System Security Plans (SSPs), POA&Ms, control narratives, and Body of Evidence artifacts
• Map and validate NIST 800-53 controls against system architecture, ensuring accurate implementation and traceability
• Maintain authorization packages within RMF tools such as eMASS, Xacta, similar compliance platforms, or especially with individual artifact (paper) packages
• Analyze system architecture, components, and authorization boundaries to ensure RMF artifacts accurately reflect deployed technologies.
• Support ATO acquisition and sustainment activities for classified and mission systems.
• Coordinate with ISSOs, ISSMs, and Security Control Assessors during authorization and assessment activities
• Track remediation activities and support continuous monitoring efforts across secure environments

Your Edge

• Experience implementing RMF for DoD systems aligned to NIST 800-53 and ICD 503
• Experience developing and maintaining ATO packages and RMF artifacts
• Strong understanding of system architecture, authorization boundaries, and control traceability
• Experience working with RMF management tools such as eMASS or Xacta
• Ability to translate security