CrawlJobs Logo
BlueWater Federal Solutions Logo BlueWater Federal Solutions · IT - Administration

RMF Analyst / ISSO Support

United States, Montgomery Employment contract · Job Posted May 30, 2026
Apply Position
Job Link Share

Job Description

Bluewater Federal is looking for a RMF Analyst/ISSO Support to support the USAF at Maxwell AFB. The Base Maintenance (BMx) Family of Systems program provides critical lifecycle support for enterprise U.S. Air Force logistics and maintenance systems that enable global mission readiness and sustainment operations.

Job Responsibility

  • Prepare and maintain RMF documentation and cybersecurity artifacts
  • Support eMASS package development and authorization activities
  • Conduct STIG compliance reviews and vulnerability tracking activities
  • Manage POA&M development, maintenance, and remediation reporting
  • Support continuous monitoring and cybersecurity compliance assessments
  • Coordinate cybersecurity evidence collection supporting release activities
  • Assist with audits, inspections, and authorization reviews

Requirements

  • 5+ years of RMF support experience
  • Experience with eMASS, RMF documentation, ACAS, STIGs, POA&M management and Security compliance reporting
  • Must have an active Secret clearance
  • Security+ is required
  • CAP certification is preferred

Nice to have

CAP certification is preferred

BlueWater Federal Solutions - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

RMF Analyst / ISSO Support

8 matching positions

Information Security Analyst

At Cryptic Vector, we are dedicated to mission success. We take the time to unde...
Location
Location
United States , Miamisburg
Salary
Salary:
Not provided
crypticvector.com Logo
Cryptic Vector
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2–5+ years of experience supporting classified information systems or RMF compliance activities
  • Active Top Secret Clearance with SCI eligibility
  • DoD 8140-compliant or equivalent legacy 8570 certifications (e.g. Sec+, CISSP)
  • Hands-on experience with RMF documentation and compliance tools, such as eMASS, STIG Viewer, SCAP
  • Knowledge of NIST SP 800-53 controls, security control implementation, and auditing practices
  • Familiarity with classified environments and government security processes
  • Strong attention to detail and ability to manage compliance documentation accurately
  • Completion of applicable DCSA training for classified RMF and system authorization within 90 days of hire
Job Responsibility
Job Responsibility
  • Act as ISSO for classified systems, supporting the RMF lifecycle, including: Security control assessments
  • System authorization (ATO) maintenance
  • Continuous monitoring and reporting
  • Manage and maintain RMF documentation in eMASS or manually (based on customer requirements), including: System Security Plans (SSP)
  • Security Control Traceability Matrices (SCTM)
  • Risk Assessment Reports (RAR)
  • Plans of Action & Milestones (POA&M)
  • Conduct and document vulnerability assessments using tools such as: SCAP Compliance Checker
  • STIG Viewer
  • Perform audits and reviews to verify compliance with applicable security controls and standards, including: NIST SP 800-53
What we offer
What we offer
  • 100% Company-paid medical insurance for employees
  • 100% Company-paid dental and vision insurance
  • Competitive salary and bonus
  • 25% 401k company contribution
  • Generous PTO, parental leave, bereavement leave, and volunteer time
  • Flexible work hours
  • Tuition reimbursement, training allowance, internal mobility opportunities
  • Free beverages and snacks, Donut Fridays, monthly social events
  • Fulltime
Read More
Arrow Right

Senior Information System Security Officer

We are seeking a highly skilled and mission-driven Senior Information Systems Se...
Location
Location
United States , Clarksburg
Salary
Salary:
Not provided
imts.us Logo
Innovative Management & Technology Services
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field (or equivalent combination of education and experience)
  • 8+ years of progressive experience in information systems security, with at least 3 years in a senior-level or lead ISSO role supporting federal or state government agencies
  • Strong working knowledge of: NIST 800-53, RMF, FISMA, OWASP Top 10, and SANS Institute standards
  • SAFe Agile environments and integrating security in Agile workflows
  • Networking, Linux/Windows system administration, and secure software development practices
  • Cloud platforms (AWS, Azure, GCP) and related security tools (e.g., AWS Security Hub, Azure Defender)
  • Experience in managing security documentation, participating in audits, and working with compliance frameworks
  • Relevant certifications such as CISSP, CISM, Security+, CEH, or equivalent
  • Active Top Secret clearance is required
  • U.S. Citizenship is required
Job Responsibility
Job Responsibility
  • Lead the implementation and maintenance of system security controls in compliance with federal cybersecurity frameworks, including NIST SP 800-53, RMF, OWASP, DISA STIGs, and Common Criteria
  • Oversee the full lifecycle of Authorization to Operate (ATO) processes, including preparation of System Security Plans (SSPs), Security Assessment Reports (SARs), POA&Ms, and risk assessments
  • Serve as a senior security advisor and liaison to system owners, developers, DevOps engineers, and government stakeholders
  • Participate in technical reviews of system architecture and ensure secure design of virtualized and software-defined infrastructures
  • Support integration of security controls into CI/CD pipelines using DevSecOps principles and tools (e.g., Jenkins, GitLab CI, SonarQube, Snyk)
  • Provide security engineering support for modern cloud environments, including AWS, Azure, or Google Cloud Platform, and assess cloud-native security capabilities
  • Conduct vulnerability assessments, interpret scan results from tools like Tenable, Nessus, Splunk, or Qualys, and lead remediation efforts
  • Mentor junior ISSOs and analysts on security policies, best practices, and tool usage
  • Ensure continuous monitoring activities are aligned with organizational risk tolerance and compliance goals
What we offer
What we offer
  • competitive compensation
  • excellent benefits including tuition reimbursement and employer-contributed 401K
  • referral bonuses
  • Fulltime
Read More
Arrow Right

Cybersecurity Analyst

As a Cybersecurity Analyst, you will support in the collection, organization, an...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
bwfed.com Logo
BlueWater Federal Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science, Information Technology, or related field (or equivalent certification and experience)
  • 3+ years of experience performing vulnerability assessment and security analysis
  • Must have at a minimum a Security+ CE certification
  • Active or interim Secret clearance is required
  • Familiarity with VRAM, ACAS, and eMASS tools
Job Responsibility
Job Responsibility
  • Collect and analyze data from vulnerability scans, configuration reviews, and system audits
  • Assist in documenting findings and generating metrics for cybersecurity dashboards
  • Support incident response coordination and tracking of cybersecurity events
  • Perform entry-level risk assessments under supervision of senior analysts or ISSOs
  • Help maintain POA&M tracking spreadsheets and RMF documentation in eMASS
  • Participate in training and professional development to maintain CSWF compliance
Read More
Arrow Right

Cyber Security Assessment & Authorization Analyst

The Cyber Security Assessment & Authorization Analyst role at NTT DATA involves ...
Location
Location
United States , Rockville
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's degree in Management Information Systems, Computer Science, or related cybersecurity discipline
  • Minimum 8 years of experience with assessment and accreditation (A&A)
  • Minimum 8 years of experience as a security control assessor or validator
  • Minimum 8 years of experience with maintaining IT security policies, processes, and guidance
  • Minimum 3 years of experience with using GRC tool – CSAM
  • Ability to obtain a Public Trust Clearance
Job Responsibility
Job Responsibility
  • Support a client as an assessment and authorization (A&A) analyst, including A&A efforts for various agency systems
  • Leads the team on ISSO and Assessors in the day to day tasks
  • Maintain responsibility for supporting federal clients obtaining the authority to operate (ATO) for new and modernized systems
  • Serve as senior team lead providing guidance and working with team members in performance/delivery of all assigned A&A efforts
  • Adhere to the NIST Risk Management Framework (RMF) to support the A&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and analyzing and tracking corrective action plans
  • Ensure all supporting artifacts and results will be documented in the A&A repository
  • Performing security controls assessments on security boundaries and producing required security documentation
  • Experience with NIST special publications (SPs) regarding the SA process, including SP 800-53, SP 800-137, and SP 800-37
  • Experience with continuous monitoring and plans of action and milestones (POA&M) management
  • Experience with assessing systems deployed in Cloud Environments
Read More
Arrow Right

Operations & Security Manager

The SOC Manager is the designated leader responsible for the day-to-day manageme...
Location
Location
United States , Tallahassee
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master's degree in engineering, information technology, or related field (or equivalent formal training and experience)
  • Minimum 10 years of overall experience, including at least 7 years in Information SPAA, cybersecurity, system administration, or engineering
  • At least 7 years as ISSO, security analyst, or security engineer with hands-on experience in NIST Risk Management Framework (RMF), audit log reviews, system monitoring, SPAA processes, FISMA requirements, vulnerability and compliance scanning, continuous monitoring, security testing and evaluation, security policies
  • Minimum 7 years of experience in vertical disciplines such as law enforcement, anti-terrorism, biological science, banking, transportation, or similar fields
  • Minimum 5 years managing a SOC or similar 24x7 security operations team
Job Responsibility
Job Responsibility
  • Lead the design and implementation of complex IT security solutions, including Threat Management, Vulnerability Management, and Identity and Access Management
  • Evaluate security control compliance with federal and State of Florida requirements and client monitoring strategies
  • Develop and manage security standards for physical and virtual desktop environments
  • Identify and manage risks associated with information systems
  • Coordinate with the client's Cybersecurity Unit to maintain compliance and Authorization to Operate (ATO)
  • Ensure secure operation, maintenance, and disposal of assigned assets and systems
  • Conduct annual assessments to ensure policy and standards compliance
  • Address security requirements throughout the system lifecycle
  • Establish and review audit trails and retain audit logs
  • Generate and interpret documentation for CSAM compliance
  • Fulltime
Read More
Arrow Right

Operations & Security Manager

The SOC Manager is the designated leader responsible for the day-to-day manageme...
Location
Location
United States , Tallahassee
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Master’s degree in engineering, information technology, or related field (or equivalent formal training and experience)
  • Minimum 10 years of overall experience, including at least 7 years in Information SPAA, cybersecurity, system administration, or engineering
  • At least 7 years as ISSO, security analyst, or security engineer with hands-on experience in: NIST Risk Management Framework (RMF)
  • audit log reviews
  • system monitoring
  • SPAA processes
  • FISMA requirements
  • vulnerability and compliance scanning
  • continuous monitoring
  • security testing and evaluation
Job Responsibility
Job Responsibility
  • Lead the design and implementation of complex IT security solutions, including Threat Management, Vulnerability Management, and Identity and Access Management
  • Evaluate security control compliance with federal and State of Florida requirements and client monitoring strategies
  • Develop and manage security standards for physical and virtual desktop environments
  • Identify and manage risks associated with information systems
  • Coordinate with the client’s Cybersecurity Unit to maintain compliance and Authorization to Operate (ATO)
  • Ensure secure operation, maintenance, and disposal of assigned assets and systems
  • Conduct annual assessments to ensure policy and standards compliance
  • Address security requirements throughout the system lifecycle
  • Establish and review audit trails and retain audit logs
  • Generate and interpret documentation for CSAM compliance
Read More
Arrow Right

Information Systems Security Officer

The ISSO will develop, implement, and integrate cybersecurity into information s...
Location
Location
United States , Colorado Springs
Salary
Salary:
130000.00 - 170000.00 USD / Year
astrion.us Logo
Astrion
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years technical experience in cybersecurity or information technology with focus on cybersecurity implementations
  • Must meet position and certification requirements for the following DoW Cyberspace Workforce Role Code(s) and Proficiency Level(s): 722 - Information Systems Security Manager (Proficiency Level: Advanced)
  • 462 - (Control Systems Security Specialist) (Proficiency Level: Advanced)
  • 541 - Vulnerability Assessment Analyst (Proficiency level: Advanced)
  • Firm understanding of the DoD 8500.1-M, DoDM 5205.07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503
  • Experience with eMASS, XACTA, or equivalent RMF tools
  • Experience with both Vulnerability and Compliance scanning tools (ACAS, Nessus Professional, SCC, Evaluate-STIG)
  • Experience with system security logs and associated Security Information and Event Management (SIEM) tools (Splunk, ELK stack)
  • Ability to work well independently as well as follow detailed instructions for completing tasks
  • Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment with minimum guidance
Job Responsibility
Job Responsibility
  • Participate in the development or modification of organizational cybersecurity program plans, policies, processes, procedures, and requirements
  • Support cybersecurity planning, assessment, risk analysis, and risk management for systems across multiple security domains
  • Recommend organizational and system level solutions to resolve cybersecurity requirements while maintaining system availability
  • Write authorization and accreditation (A&A) documentation and supporting artifacts
  • Interact with technical team members from multiple disciplines including performing vulnerability and compliance scanning, remediations, and system audits
  • Perform technical hardware & software reviews and advise leadership of changes affecting organization’s cybersecurity posture
  • Perform technical security assessments of complex systems
  • Establish and maintain cybersecurity control baseline(s) for all unit systems
  • Generate RMF control narratives
What we offer
What we offer
  • Competitive salaries
  • Continuing education assistance
  • Professional development
  • Multiple healthcare benefits package options
  • 401K with employer matching
  • Competitive time off policy along with a federally recognized holiday schedule
  • Fulltime
Read More
Arrow Right

Functional Analyst Level 2

This role is responsible for identifying and implementing security requirements ...
Location
Location
United States , Annapolis Junction
Salary
Salary:
Not provided
ctp-web.com Logo
Columbia Technology Partners
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Two (2) years of relevant work experience
  • Bachelor's degree in Computer Science or IT Engineering
  • Knowledge of the Risk Management Framework (RMF) with at least one (1) year of hands-on experience applying its principles
  • U.S. Citizenship is required for all applicants
  • This position requires an active Security Clearance with appropriate Polygraph
Job Responsibility
Job Responsibility
  • Conduct functional analyses to define critical cybersecurity tasks and their interrelationships
  • Analyze mission and customer requirements to determine system testing needs
  • Identify the resources needed to create, register, and assign System Security Plans (SSPs) in coordination with Delegated Authorizing Officials (DAOs), Information System Security Officers (ISSOs), and System Owners
  • Collaborate with Security Control Assessors to determine and execute system testing requirements
  • Maintain the security posture of Information Systems by ensuring adherence to security policies, standards, and procedures
  • Support System Security Planning activities and work with engineering teams on system integration efforts
  • Review, maintain, and update organizational documentation related to cybersecurity requirements
What we offer
What we offer
  • Medical: CTP offers 3 superior plans, bringing our employees both in-network and out-of-network options
  • Vision + Dental: Both free to you + paid in full by CTP
  • Retirement: 401k - 6% company contribution
  • PTO + Leave: Offering customizable leave plans
  • Jury Duty, Bereavement + Military Leave provided
  • Career Growth: Up to $10,000 provided for approved career-related learning, training, education, and/or tuition
  • Life and AD&D Insurance/Short-Term & Long-Term Disability: at zero cost to you
  • Profit Sharing Bonus: End of year cash gets added to your bottom-line
  • Referral Bonus Program: Our bonuses range from $7,000-$20,000
  • Fulltime
Read More
Arrow Right