Posted 5d ago

Senior Cybersecurity Compliance Analyst (RMF) - TS/SCI

@ Modern Government Solutions
Point Mugu, California, United States
$285k/yr, Onsite, Full Time
Responsibilities: Assess compliance, Validate controls, Maintain artifacts
Requirements Summary: DoD TS/SCI clearance required; Bachelor's in Cybersecurity/IT/CS; 10+ years in DoD RMF/compliance; IAM Level II/III certs; RMF/NIST/DoD frameworks; SIEM (Splunk); eMASS; cloud/CLOUD SRG familiarity.
Technical Tools Mentioned: ACAS, Nessus, SCAP Compliance Checker, STIG Viewer, eMASS, Splunk
Job Description

TITLE: Senior Cybersecurity Compliance Analyst (RMF)

LOCATION: Point Mugu AFB, CA, US

CLEARANCE REQUIRED: Active DoD TS/SCI Clearance

EMPLOYMENT TYPE: Full-time, On-site

TRAVEL: Up to 20%

POSITION SUMMARY

Modern Government Solutions (MGS) is seeking a Senior Cybersecurity Compliance Analyst (RMF) to support Blue Water Instrumentation (BWI) efforts at Point Mugu Sea Range, ensuring cybersecurity compliance across RDT&E test environments and prototype systems. In this role, you will assess and validate security controls, manage RMF processes, and provide continuous monitoring and reporting to support informed risk decisions without slowing down testing and innovation. You'll work closely with engineering, IT, and Government stakeholders to maintain compliance across complex environments, including cloud, data, and instrumentation systems. This role translates cybersecurity requirements into actionable guidance, ensuring systems remain secure, compliant, and mission-ready. You'll support audit readiness, authorization activities, and POA&M management in dynamic, event-driven test environments.

 

RESPONSIBILITIES (not limited to):

  • Assess and validate cybersecurity compliance of R&D test environments and prototype systems against DoD frameworks (RMF, NIST SP 800-53, CNSSI 1253, Zero Trust, EO 14028), ensuring systems meet security requirements without disrupting testing and development.
  • Conduct vulnerability scanning and compliance validation using tools such as ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and STIG Viewer; analyze results, document findings, and track remediation efforts across Windows, Linux, and network environments.
  • Support development and maintenance of RMF authorization artifacts within eMASS (SSPs, POA&Ms, risk assessments, inheritance mappings), while owning POA&M tracking and coordinating remediation with engineering and IT teams.
  • Perform security control assessments (NIST SP 800-53A) and maintain evidence, documentation, and continuous monitoring activities to reflect system security posture and residual risk in dynamic test environments.
  • Monitor systems for security events and anomalies using SIEM tools (e.g., Splunk) during RDT&E event windows, escalating and documenting incidents in accordance with established response procedures.
  • Evaluate and verify compliance of cloud and data environments aligned to DoD Cloud SRG requirements (including IL6) supporting instrumentation, telemetry, and data pipeline activities.
  • Support audit readiness by preparing compliance packages, reports, dashboards, and briefings for program leadership and Government stakeholders (e.g., NAVAIR, NAWCWD).
  • Analyze and validate security configurations proposed by engineering teams, providing risk analysis and actionable compliance guidance.
  • Ensure proper handling and protection of sensitive information, including CUI, COMSEC, and ITAR/EAR-controlled data, in accordance with DoD policies.
  • Coordinate with Government cybersecurity authorities (ISSM, AO, SCA) to support test environment authorizations and compliance activities in a contractor support role.
  • Generate and maintain recurring and ad-hoc reporting, including POA&M status, security posture metrics, and compliance scorecards for leadership visibility and decision-making.
  • Maintain awareness of emerging threats, vulnerabilities, and policy updates, advising program leadership on impacts to RDT&E environments and compliance posture.
  • Operate across office, laboratory, and operational environments, coordinating closely with IT, engineering, and program teams to support cybersecurity activities.
  • Support test events and elevated operational periods as needed, including up to 20% travel to meet program and mission requirements.

 

REQUIRED SKILLS AND QUALIFICATIONS

  • Must possess an active Department of Defense (DoD) TS/SCI security clearance.
    • Must be eligible for SAP access based on tasking.
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related field (or equivalent combination of education and experience).
  • One or more of the following IAM Level II/III certifications:
    • CISSP (Certified Information Systems Security Professional)
    • CISM (Certified Information Security Manager)
    • CASP+ (CompTIA Advanced Security Practitioner)
    • Security+ CE (minimum for IAM Level II)
  • 10+ years of experience in cybersecurity analysis, information assurance, or RMF/compliance roles within DoD/DoN environments.
  • Strong working knowledge of DoD cybersecurity frameworks, including RMF (DoDI 8510.01), NIST SP 800-53/171, CNSSI 1253, and DoD Zero Trust Architecture.
  • Proven experience supporting IATT/ATO processes and managing RMF artifacts, including SSPs, POA&Ms, inheritance mappings, and eMASS workflows.
  • Experience conducting vulnerability scanning and compliance validation using tools such as ACAS/Tenable Nessus, SCAP Compliance Checker (SCC), and STIG Viewer.
  • Experience with SIEM platforms (e.g., Splunk) for security event monitoring and analysis in support of RDT&E and operational test environments.
  • Familiarity with DoD Cloud SRG requirements and compliance assessment of cloud-based environments (IL4–IL6).
  • Strong understanding of security control assessment methodologies (NIST SP 800-53A) and continuous monitoring processes.
  • Experience supporting cybersecurity compliance in RDT&E, test, or non-enterprise environments where flexibility and rapid iteration are required.
  • Ability to analyze risk, prioritize remediation, and provide clear, actionable recommendations to engineering teams and leadership.
  • Strong analytical, written, and briefing skills, with the ability to communicate security posture and risk to technical and non-technical stakeholders.
  • Ability to work independently, manage competing priorities, and operate effectively in fast-paced, mission-driven environments.

 

PREFERRED SKILLS AND QUALIFICATIONS

  • Experience supporting DoD test ranges, RDT&E programs, or operational environments (e.g., NAWCWD, NAVAIR, Point Mugu Sea Range).
  • Experience assessing cybersecurity compliance of developmental, prototype, or field-deployable systems (e.g., TRL 4–6) in non-enterprise environments.
  • Familiarity with contractor and program compliance frameworks, including CMMC 2.0 Level 2, EO 14028, and DoD Cloud SRG (IL6) requirements.
  • Knowledge of specialized compliance domains, including cross-domain solutions (CDS), TEMPEST/EMSEC considerations, and COMSEC validation requirements.
  • Experience supporting security assessments in complex environments involving OT/IT convergence, instrumentation systems, telemetry, or autonomous/USV platforms.
  • Familiarity with data handling and protection requirements, including ITAR/EAR-controlled data and FMS program security requirements.
  • Familiarity with T&E range environments and standards (e.g., IRIG-106) and their impact on cybersecurity compliance and data handling.
  • Additional relevant certifications such as CAP, CISA, CEH, CCSP, Tenable Certified, or Splunk Core Certified User.

 

*Applicants selected will be United States citizens and may be subject to a government security investigation for access to classified information.*

 

ABOUT US

At MGS, we believe a people-first culture corresponds to organizational success through a commitment to excellence, integrity, inclusion, and an attitude that welcomes challenges, meets demands, sustains growth, and drives innovation. We provide expert mission-first technical and programmatic services and solutions for the US intelligence community, the US Department of Defense, and other governmental agencies. We create people-first organizational cultures where employees feel needed in the system, not a system that needs employees. We provide you with long-term career opportunities centrally focused on our core value system: inclusion, integrity, and a commitment to excellence.

MGS is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status, and will not be discriminated against on the basis of disability.