top of page

RMF Cybersecurity Analyst Level 3 108-023


See a complete list of our open positions

Apply at the Bottom of the Page

IC-CAP LLC is a Woman Owned / HUBZone Small Business working in the Department of Defense and Intelligence Community.  We are always looking for highly talented, energetic, and dynamic professionals that are interested in protecting the defense of our nation.  

Some of the positions are future positions.  Please look at the opening line of the job description to determine if this is an open or future position.


Our positions are not remote unless stated in the job description below.

We are looking to fill this position at the following location(s):

    Annapolis Junction, MD

Job Description

RMF Cybersecurity Analyst Level 3:

Job Description:

Our work depends on a Risk Management Framework Cybersecurity Analyst joining our team to support Government activities in Annapolis Junction, MD, or Sterling, VA. As a RMF Cybersecurity Analyst supporting the Federal Government and the Intelligence Community (IC), you will be entrusted with ensuring our IT engineering solutions meet the highest security standards, that they adhere to all applicable standards, guidelines, and mandates; and that all appropriate documentation necessary to make up a Body of Evidence (BoE) is provided to the Chief Information Security Officer (CISO), and Authorizing Official (AO) to successfully justify the issuing an Authority to Operate (ATO). 

Level 3:

  • Skills and Tasks: Exceptionally Complex Researches and evaluates new concepts and processes to improve performance. Analyzes cross-functional problem sets, identifies root causes and resolves issues. Assists more junior level technicians, specialists, and managers in their activities. Can perform all tasks of lower level technicians, specialists, and/or managers. 

  • Leadership Management: Works individually, actively participates on integrated teams, and leads   multiple tasks, projects or teams. Oversees and monitors performance, and when required, takes steps to   resolve issues.

  • Guidance: Directs multiple teams through to project completion. Provides guidance and direction to lower level technicians, specialists, and managers.

Job Characteristics:

  • Perform a variety of Information Assurance (IA) and Computer Network Defense (CND) functions which are broad in nature and support multi-tier IA and CND functions to include, but not limited to, systems engineer, audit/inspection, infrastructure support, certification and accreditation, vulnerability management, detection and response support services.

  • Provide support for a program, organization, system, or enclave’s information assurance program

  • Provide security certification test and evaluation of assets, vulnerability management and response, security assessments, and customer support

  • Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies.

  • Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed

  • Assist with the management of security aspects of the information system and performs day-to-day security operations of the system.

  • Evaluate security solutions to ensure they meet security requirements for processing classified information.

  • Perform vulnerability/risk assessment analysis to support certification and accreditation.

  • Provide configuration management (CM) for information system security software, hardware, and firmware.

  • Manage changes to system and assesses the security impact of those changes.

  • Prepare and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs).

  • Execute policies and guidance provided by senior functional/technical leads

In this role, a typical day may include:

  • Acting as an appointed Information System Security Officer (ISSO) for IC cyber systems being developed by the engineering team.

  • Reporting, documenting, and briefing the status of systems under development, while assuring their successful and timely progression through the client Risk 

  • Management Framework (RMF) to the satisfaction of the appointed Information System Security Manager (ISSM), and/or senior govt leadership.

  • Providing clear justification describing the satisfaction all applicable security control implementation as specified by the IC, AO, or NIST-800-53, rev 4 rev 5.

  • Authoring System Security Plans (SSP).

  • Authoring System Security Test Plans (SSTP).

  • Conducting self-assessments of all systems under development

  • Analyzing security controls and the impact changes would introduce to the environment. 

  • Preparing for and assisting with formal risk assessments conducted by the AO's designated Security Control Assessors (SCA) while acting as a member of the security assessment test team.

  • Ensuring the remediation of any findings assigned to engineering as documented in the Security Assessment Report (SAR) and its Plan of Actions and Milestones (PO&AM). 

  • Documenting and defending reasoning when waivers are sought, or non-standard remediation solutions are requested for specific security controls.

  • Assisting with the transition of systems granted an ATO to the Operations branch and the assignment of an operations ISSO.

  • Researching remediation options for vulnerabilities identified for systems under development or already in production under an ATO. 

What you'll need:

  • Minimum of 3-years IC (SCI) RMF Assessment and Authorization (A&A) experience and the ability to describe the differences between collateral and SCI authorization requirements as they apply to DoD and IC instructions and guidelines.

  • Ability to speak to the intent of all NIST 800-53 security controls.

  • Minimum 1-year hands on experience with the Xacta application.

  • Excellent oral and technical writing skills.

  • Ability to work both independently and as a member of a team.

Education and Experience:

  • High School Diploma + 10 years

  • Associate's Degree + 8 years

  • Bachelor's Degree + 6 years

  • Master's Degree + 4 years

  • PhD + 2 years

Training and Certifications:

  • IAT Level 2

Security Clearance:

  • DoD Approved Clearance and Poly

You are applying for the position of 
RMF Cybersecurity Analyst Level 3 108-023
Upload Your Resume
bottom of page