Cybersecurity Risk Management Framework Analyst, Mid

The Challenge:

Warnings about cyber threats are everywhere and the constantly evolving nature of these threats can make understanding them seem overwhelming to government agencies and military organizations. In all of this “cyber noise”, how can these organizations understand their risks and how to mitigate them? The answer is you – build your knowledge as a cyber risk specialist who knows how to break down complex threats into manageable plans of action.

Support a Naval client in providing Navy Risk Management Framework (RMF) cybersecurity support for the domain by performing all required Package Submitting Officer (PSO) RMF process steps, as defined in the Navy’s RMF Process Guide; conducting in-depth reviews of authorization packages and artifacts within Enterprise Mission Assurance Support Service (eMASS); reviewing, analyzing, and reporting on current Authorization status and Authorization Termination Dates (ATD) for all systems within the client’s portfolio; reviewing Security Assessment Plans, System-Level Continuous Monitoring Plans, Implementation Plans, Security Control Tailoring Plans, Plans of Actions and Milestones, and Security Assessment Reports (SAR); reviewing completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists; and performing all coordination functions with the Security Control Assessor Liaisons and Navy Authorizing Official Cybersecurity Analysts (CSA) for Security Authorization Package review, processing requirements, and issues associated with Checkpoint schedules. In addition, you must maintain a real-time status of all supporting commands’ authorization packages via the currently approved database, determine whether there are risk posture changes when system modifications are requested for authorized systems, brief the status of RMF package reviews and recommendations for concurrence to the client’s PSO, and demonstrate and retain requisite cybersecurity knowledge in multiple areas to be able to properly inform and support the varied work activities of a PSO.

Empower change with us.

You Have:

  • Experience with Department of Defense (DoD) Risk Management Framework
  • Experience with DoD Information Assurance Certification and Accreditation Process (DIACAP)
  • Experience with Enterprise Mission Assurance Support Service (eMASS)
  • Experience with reviewing completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists
  • Experience with vulnerability assessment scanning tools and reporting, intrusion detection technologies, intrusion prevention technologies, and host-based security system (HBSS)
  • Experience with test and evaluation for allocating assigned security controls into assessment objectives and procedures, developing and executing Security Assessment Plans (SAP), and applying sequencing to reduce duplication of effort
  • Experience with DoD Assured Compliance Assessment Solution (ACAS) suite of tools
  • Knowledge of DoD-published Security Technical Implementation Guide (STIG) requirements and the implementation or compliance process
  • Secret clearance
  • HS diploma or GED

Nice If You Have:

  • Knowledge of Navy IT sites, systems, and infrastructure, including NCS and PIT
  • Knowledge of applicable Navy systems, networks, and IT infrastructure
  • CompTIA Advanced Security Practitioner (CASP), Certified Information Systems Security Professional (CISSP), or Certified Information Security Manager (CISM) Certification


Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.

Build Your Career:

Rewarding work, fun challenges, and a ton of investment in our people—that’s Booz Allen cyber. When you join Booz Allen, we’ll help you develop the career you want.

Competitions — From programming competitions at our PyNights (Python competition and learning events) to competing in CTFs, we’ve got plenty of chances for you to show off your skills.

Paid Research — Have an innovative idea to explore or hypothesis to test? You can participate in challenges via our crowdsourcing platform, the Garage, and other programs to be awarded dedicated time and/or funding to advance your skills.

Cyber University — CyberU has more than 5000 instructor-led and self-paced cyber courses, a free online library that you can access from just about anywhere—including your phone—and certification exam prep guides that include practical assessments to prepare you for your exam.

Academic Partnerships — In addition to our tuition reimbursement benefit, we’ve partnered with University of Maryland University College to offer two graduate certificate programs in cybersecurity—fully funded without a tuition cap.

Maker/Hackerspaces — Race drones, print 3D gadgets, drink coffee from our Wi-Fi coffee maker, and get hands-on training on tools and tech from in-house experts in our dedicated maker and hackerspaces.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.
