RMF Analyst

Everforth ECS is seeking an RMF Analyst to work in our Sierra Vista, AZ office.

We are seeking a skilled RMF Analyst to support cybersecurity compliance and system authorization efforts to support a Comply to Connect (C2C) system in the DoW environment. This role is responsible for executing Risk Management Framework (RMF) activities, managing security artifacts, and ensuring systems meet  DoD cybersecurity requirements.

The ideal candidate brings hands-on experience with eMASS, understands DoD cyber governance, and can bridge the gap between security compliance and operational system integration.

Key Responsibilities

RMF Execution & ATO Lifecycle Support

• Execute RMF activities in alignment with NIST RMF and DoD 8510.01
• Develop, maintain, and manage Body of Evidence (BoE) artifacts
• Administer and maintain records in eMASS
• Support full Authority to Operate (ATO) lifecycle:
  • Initial authorization
  • ATO sustainment
  • Reauthorization activities
• Maintain and update:
  • System Security Plans (SSPs)
  • Security Control Assessments (SCAs) support artifacts
  • Plan of Action & Milestones (POA&M)

Continuous Monitoring & Compliance

• Perform and support continuous monitoring (ConMon) activities across multiple systems and enclaves
• Track vulnerabilities, findings, and POA&M remediation efforts
• Ensure systems maintain compliance with DoD cybersecurity

Security Engineering Review

• Conduct security impact analysis for:
  • Infrastructure changes
  • System upgrades
  • Configuration modifications
  • New technology integrations
• Validate changes against RMF controls and  requirements prior to production deployment

Security Advisory & Architecture Support

• Provide guidance to engineering and operations teams on:
  • Secure implementation strategies
  • Defense-in-depth principles
  • Security architecture best practices
• Help maintain a secure, compliant, and defensible enterprise environment 

Stakeholder Communication & Coordination

• Communicate technical findings clearly to both technical and non-technical stakeholders
• Support coordination with:
  • Program Managers (PMs)
  • Information System Security Officers (ISSOs)
  • System Owners / Service Owners
• Document findings and recommendations in clear, actionable formats

Collaboration & Knowledge Sharing

• Work closely with cybersecurity, engineering, and operations teams
• Contribute to process improvements, documentation, and best practices
• Support knowledge sharing across teams and programs