Cybersecurity Analyst – Risk Management Framework (RMF)

at SecureStrux
Location Lancaster, PA
Date Posted April 23, 2021
Category Default
Job Type Full-time


Job title

Cybersecurity Analyst - Risk Management Framework (RMF)

Reports to

Director of Operations

Job purpose

This position provides technical security assistance and guidance to several of our commercial and government customers in support of their Assessment and Authorization (A&A) programs. As an RMF Consultant, you will be responsible for all phases of Assessment and Authorization (A&A) to ensure compliance and provide guidance on IT security requirements. As cleared contractors under the Defense Counterintelligence & Security Agency (DCSA), formerly the Defense Security Service (DSS), you will support all phases of the Risk Management Framework (RMF) process. This position will be required to travel on-site to customers' facilities to conduct assessments, conduct control gap analysis, conduct training, and provide Enterprise Mission Assurance Support Service (eMASS) guidance. This position requires technical knowledge of National Industrial Security Program Operating Manual (NISPOM) processes for Information Systems (IS) and DCSA RMF process knowledge.

Job Duties

  • Assess, document, and implement the RMF process for different types of IS in accordance with the DCSA Assessments and Authorization Process Manual (DAAPM). System types may include Multi-user Standalone (MUSA), Single-user Standalone (SUSA), Peer-to-Peer (P2P), Isolated Local Area Network (ISOL), and Enterprise Wide Area Network (eWAN) / WAN systems.
  • Assess the existing policies and procedures against compliance requirements
  • Suggest policy and procedure changes to customers as required for compliance
  • Create and update policy, procedure and process documents for the accreditation package
  • Execute RMF implementation
  • Conduct validation services, prepare POA&M, and compile validation results

Company Related Tasks

  • Company meeting attendance as needed
  • Support Business Development with Level of Effort (LOE), Writing, Reviews, and general proposal support.
  • Assist in the development of and adherence to performance targets for projects.
  • Follow all company policies and procedures.


  • At least five (5) years demonstrated experience in NISPOM Compliance and A&A policies, procedures, and processes for information systems
  • Implementing and maintaining NISPOM-compliant information systems
  • Strong writing, presentation and professional communication skills
  • DoD 8570 IAM LVL I Certified required (Security+ CE, CAP, GISF, or GSLC)
  • DoD 8570 IAM/IAT LVL III Certified preferred (CASP, CISA, CISM, CISSP)
  • Citizenship/Clearance Requirement: US Citizen / Secret
  • Preferred experience with NIST 800-171 CUI

Disclaimer: This position requires successful completion of a background check and employment verification. The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.

SecureStrux is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, national origin, protected veteran status, or disability status.

Working conditions

Location: Several locations open throughout the U.S. This position requires 50-60% travel to customer sites and remote telework.

Physical requirements

The physical demands of the position: the incumbent is required to sit, perform computer work for periods of time, and do repetitive tasks.

About Us

SecureStrux, LLC is a women-owned small business (WOSB) cybersecurity firm. It provides specialized services in the areas of compliance, vulnerability assessment management, computer network defense, and cybersecurity strategies. Established in 2008 and with deep roots in the DoD cybersecurity community, SecureStrux has a dynamic and talented team of industry-certified professionals that serve some of our country’s largest public and private organizations.

SecureStrux is a small, agile company that offers a variety of benefits to meet the individual needs of its employees and their families.

The current benefit package includes the following:

  • Generous Paid Time Off package.
  • Employer Paid Life Insurance
  • Employer Paid Short/Long Term Disability
  • Employer Paid Vision/Dental
  • 401K and/or Roth - Employer matches up to 4%.
  • Group Health Insurance – Several plans to choose from
  • Education Reimbursement of $3,500/yr. (subject to approval)
  • Corporate Logo Clothing allowance $250/yr. (subject to approval)

