1

Nist Rmf Jobs (NOW HIRING)

Information Security Analyst (RMF)

MD · On-site

$100K - $125K/yr

... NIST), RMF, and/or Platform Information Technology (PIT) methodologies. Detailed Description: * Plan, implement, upgrade and monitor security measures for the protection of complex DoD communication ...

next page

Showing results 1-20

Nist Rmf information

See salary details

$43K

$99.4K

$150K

How much do nist rmf jobs pay per year?

As of Jul 11, 2026, the average yearly pay for nist rmf in the United States is $99,400.00, according to ZipRecruiter salary data. Most workers in this role earn between $79,500.00 and $115,500.00 per year, depending on experience, location, and employer.

What is NIST RMF?

NIST RMF stands for the National Institute of Standards and Technology Risk Management Framework. It is a structured process used by federal agencies and organizations to identify, assess, and manage cybersecurity risks to information systems. The RMF provides a set of steps that guide organizations through the selection, implementation, assessment, and monitoring of security controls to ensure systems meet required security standards. This framework is essential for achieving compliance with federal cybersecurity requirements and improving overall information security.

What is the difference between Nist Rmf vs Cybersecurity Analyst?

AspectNist RmfCybersecurity Analyst
CertificationsRisk Management Framework (RMF) certifications, NIST guidelinesCompTIA Security+, CISSP, CEH
Work EnvironmentGovernment agencies, federal projects, compliance-focusedPrivate sector, IT departments, security teams
Industry UsagePrimarily in federal and defense sectorsAcross various industries including finance, healthcare, tech
Primary FocusImplementing and managing risk management frameworksMonitoring, analyzing, and responding to security threats

While Nist Rmf specialists focus on establishing and maintaining risk management processes based on NIST standards, Cybersecurity Analysts are more involved in threat detection and incident response. Both roles require security knowledge but serve different functions within cybersecurity frameworks.

What are some typical challenges faced by professionals implementing the NIST RMF in an organization?

Professionals working with the NIST Risk Management Framework (RMF) often encounter challenges such as aligning organizational processes with RMF requirements, ensuring stakeholder buy-in, and maintaining comprehensive documentation. Adapting legacy systems to meet modern security controls can be complex, and coordinating efforts across multiple teams—such as IT, compliance, and management—requires strong communication skills. Staying current with evolving NIST guidelines and integrating continuous monitoring into daily operations are also important aspects to manage for success in this role.

What are the key skills and qualifications needed to thrive as a NIST RMF (Risk Management Framework) specialist, and why are they important?

To thrive as a NIST RMF specialist, you need a solid understanding of information security principles, risk assessment, compliance standards, and often a background in cybersecurity or IT, supported by certifications like CISSP, CAP, or Security+. Familiarity with NIST SP 800-37, eMASS, and other GRC (Governance, Risk, and Compliance) tools is typically required. Attention to detail, analytical thinking, and strong communication skills help professionals navigate complex regulatory requirements and effectively collaborate with stakeholders. These skills are essential for ensuring organizational compliance, safeguarding sensitive data, and managing security risks efficiently.
More about Nist Rmf jobs
What states have the most Nist Rmf jobs? States with the most job openings for Nist Rmf jobs include:
Infographic showing various Nist Rmf job openings in the United States as of July 2026, with employment types broken down into 95% Full Time, 2% Part Time, and 3% Contract. Highlights an 76% Physical, 7% Hybrid, and 17% Remote job distribution, with an average salary of $99,400 per year, or $47.8 per hour.
Cloud Security and Risk Management Framework (RMF) Subject Matter Expert (SME)

Cloud Security and Risk Management Framework (RMF) Subject Matter Expert (SME)

Enterprise Horizon Consulting Group

Alexandria, VA • On-site

$70 - $93/hr

Other

Medical, Dental, Vision, Life, Retirement, PTO

Posted 25 days ago


Job description

Company Overview

Enterprise Horizon Consulting Group (EHCG) is a Woman-Owned Small Business specializing in IT Consulting which has successfully delivered key capabilities to the Navy, Army, and NASA over the past 20+ years. EHCG provides best in class services to its customers in the following areas: Business Systems Services; Business Intelligence; Data Analytics and Dashboarding; Enterprise Resource Planning (SAP) Implementation; Legacy System Optimization; Digital Transformation; Cloud Migration; Integration and Modernization; and Risk Management Framework Processes (RMF).

Job Description

Contingent Upon Contract Award

Enterprise Horizon Consulting Group is seeking a highly skilled Cloud Security and Risk Management Framework (RMF) Subject Matter Expert (SME) with deep expertise in Certification & Accreditation (C&A), NIST RMF standards, and secure cloud operations. This role requires advanced knowledge of NIST SP 800 53 and 800 37, hands on experience securing Oracle Cloud Infrastructure (OCI) at DoD Impact Level 5 (IL5), and the ability to work independently while providing authoritative guidance on cloud security best practices.

The ideal candidate brings strong technical leadership, proven experience assessing and securing complex cloud environments, and the ability to drive modernization and compliance initiatives across diverse cloud deployment and service models.

Key Responsibilities


  • Provide cloud tenancy services and deliver enhanced capabilities within an Oracle Cloud Infrastructure (OCI) hosting environment.

  • Secure, isolate, and administer the cloud tenancy to effectively create, organize, integrate, and manage cloud resources.

  • Research, evaluate, and implement new OCI services and capabilities to improve operational performance and strengthen security posture.

  • Administer middleware and web tiers, manage single sign on (SSO), and create/manage users, groups, and access controls.

  • Apply expert knowledge of NIST RMF, C&A processes, and DoD cybersecurity requirements to assess controls, identify risks, and ensure compliance.

  • Support the design, implementation, and maintenance of cloud-native security configurations, including Oracle CloudGuard.

  • Conduct C&A reviews for large, complex information systems and ensure alignment with DoD, NIST, and FedRAMP requirements.

  • Provide technical leadership across cloud service engineering, including distributed systems, virtualized infrastructure, identity, observability, and security.

  • Manage and support Autonomous Database, Oracle Enterprise Database, and Oracle Database Cloud Service (DBCS).

  • Deploy and manage containerized applications using Oracle Kubernetes Engine (OKE).

  • Automate tasks using scripting and IaC tools such as Ansible (OCI compliant), HELM, and Terraform.

  • Apply expertise in modern computing paradigms including hybrid cloud, edge computing, microservices, and IoT related protocols.


Requirements


Minimum Requirements


  • Must have an active Secret clearance.

  • Must possess a DoD Approved 8570 IAM Level I baseline certification (e.g., Security+ or equivalent)

  • Must possess a Cloud Computing Security Certification, such as:


    • Certified Cloud Security Professional (CCSP)

    • Certificate of Cloud Security Knowledge (CCSK)

    • OCI Specialty Certification


  • Minimum 5 years of experience supporting DoD IL5 Oracle Cloud Infrastructure (OCI) administration, maintenance, and operations.

  • Experience across multiple OCI technical domains, including:


    • Information Systems Architecture

    • Security Engineering (STIGs, DoD Cloud SRG, policies)

    • Communications and Network Systems Management


  • Demonstrated expertise with RMF, NIST C&A, and DoD cybersecurity frameworks.

  • Experience assessing cybersecurity controls and conducting C&A reviews for large, complex systems.

  • Strong understanding of FedRAMP assessment methodology, including all six domain areas:


    • Architectural Concepts & Design Requirements

    • Cloud Data Security

    • Cloud Platform & Infrastructure Security

    • Cloud Application Security

    • Operations

    • Legal & Compliance


  • Proven ability to solve complex problems across cloud software engineering, distributed systems, identity, security, and observability.

  • Experience configuring and managing cloud-native security tools, including Oracle CloudGuard.


Benefits


Benefits

We offer full-time salaried employees competitive salaries with a range of benefits, including:

  • Medical, Dental, & Vision
  • Life Insurance, Short-term Disability, Long-term Disability
  • SIMPLE IRA with Company Match
  • Federal Holidays
  • Vacation & Sick Leave

$500 Referral Bonus

If this position is not a perfect fit for you, but you know someone who would be a great match, please refer them to us via our Candidate Referral Program by going to: . If we hire them, you could receive $500! See the link for further details.

Enterprise Horizon Consulting Group is an equal opportunity employer. Enterprise Horizon Consulting Group does not discriminate against any employee or applicant for employment on the basis of race, color, religion, sex, marital status, sexual orientation, gender identity, national origin, ancestry, age (40 and over), physical or mental disability, or protected veteran status, or any other protected status in accordance with all applicable federal, state and local laws.