Security RMF Audit Analyst
Role: Security RMF Audit Analyst
POP: 12 Months Contract
Location: Remote
SCOPE:
The Sr. Security RMF Audit Analyst will lead audit preparation and execution, support continuous RMF lifecycle activities, and oversee compliance with federal cybersecurity requirements across on-premises, virtual, and cloud-hosted systems.
REQUIRED SKILLS:
- Bachelor's or Associate's degree in Computer Science, Math, Information Technology, Engineering, or related field. Two (2) years of directly relevant experience may substitute for one (1) year of formal education.
- CompTIA Security+ required.
- Minimum of five (5) years of experience in information security, with auditing and IT controls design experience.
- Minimum of five (5) years of experience with Security Information and Event Management (SIEM).
- Minimum of five (5) years of experience in the risk management framework.
- Hands-on experience with Active Directory, Windows/UNIX systems, and relational databases in secure environments.
- Advanced knowledge of NIST RMF, NIST SP 800-37, 800-53, DHS 4300A, and FISMA compliance.
- Experience preparing and maintaining RMF ATO documentation and conducting system assessments.
- Familiarity with Security Information and Event Management (SIEM) platforms for log analysis and incident monitoring.
- Proficient in evaluating and documenting security configurations and technical implementations for federal systems.
- Strong understanding of cybersecurity audit workflows, control testing, and risk-based prioritization of vulnerabilities.
- Excellent writing and communication skills, capable of producing technical documentation and executive summaries.
- Experience in Agile or DevSecOps environments, with a strong understanding of security integration within CI/CD pipelines.
PREFERRED SKILLS:
- Previous support of federal government enterprise systems or DHS/DOD programs is strongly preferred.
- Additional certifications (Network+, AWS Certified Cloud Practitioner, Microsoft Azure Fundamentals, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Foundation, TOGAF, or other cybersecurity architecture certifications) are a plus.
TASKS:
- Oversee the Risk Management Framework (RMF) lifecycle, including assessment, authorization, and continuous monitoring across all ALC-ISD systems.
- Lead and coordinate internal and external cybersecurity audits, including pre-audit readiness assessments and post-audit remediation tracking.
- Validate the implementation of security controls (NIST SP 800-53 Rev. 5) and ensure they are effectively documented within System Security Plans (SSPs), Security Assessment Reports (SARs), and related artifacts.
- Design and implement vulnerability management strategies, assess threat vectors, and develop comprehensive Plans of Action and Milestones (POA&Ms).
- Analyze cyber risks and provide guidance on remediation strategies aligned with DHS policy and evolving cybersecurity threats.
- Perform and document risk assessments, penetration testing coordination, and impact analyses to evaluate the security posture of information systems.
- Collaborate with Security Control Assessors (SCAs), engineers, ISSOs, and DevSecOps teams to ensure audit alignment with enterprise system modernization efforts.
- Manage and maintain audit packages, compliance dashboards, and evidence repositories using platforms like Jira, Confluence, and SharePoint.
- Assess and validate configurations of infrastructure (e.g., Windows, Linux, databases, Active Directory) for compliance with security benchmarks (e.g., DISA STIGs, CIS).
- Draft and update security-related documentation including SOPs, incident response plans, and security test procedures.
- Serve as a subject matter expert to stakeholders on RMF best practices, ATO sustainment, and security documentation management.
- All other duties as assigned by management.