Information Systems Security Analyst (RMF) - Senior

Position Summary

ECS is seeking an Information Systems Security Analyst (RMF) - Senior to support the Army National Guard (ARNG) Enterprise Network Operations and Cybersecurity Support (ENOCS) program. In this role, the analyst supports Task 3 — Cybersecurity Operations Support by executing Risk Management Framework (RMF) activities for assigned information systems, maintaining system security documentation and authorization artifacts, validating control implementation, updating eMASS records, and tracking remediation actions required to sustain Authorization to Operate (ATO) status. The position works closely with ISSOs, engineers, system owners, and broader cybersecurity operations personnel to document compliance evidence and sustain continuous monitoring activities across the ENOCS enterprise.

This role directly contributes to ARNG’s mission to defend classified and unclassified network environments across the DoDIN-Army-NG area of responsibility, supporting more than 120,000 users and approximately 141,000 endpoints across roughly 2,800 sites in 54 states and territories. ENOCS supports Title 10 and Title 32 missions, mobilization readiness, domestic emergency response, and classified SIPRNet operations, requiring disciplined RMF execution across both NIPRNet and SIPRNet-aligned environments. Within the ENOCS cyber operations ecosystem, this position helps maintain compliant, continuously monitored systems in coordination with 24x7x365 cybersecurity operations and in alignment with operational interfaces that include NETCOM Global Cyber Center, DISA DCDC, eMASS-based authorization workflows, vulnerability analysis, STIG compliance reviews, and ongoing ATO maintenance.

Please Note: This position is contingent upon contract award.

Responsibilities

• Execute RMF activities for assigned information systems by maintaining System Security Plans (SSPs), Security Controls Traceability Matrices (SCTMs), POA&Ms, and related authorization artifacts in accordance with DoD and ARNG cybersecurity policy.
• Update and maintain eMASS records with required artifacts, security documentation, self-assessment data, and remediation status to support ongoing authorization and continuous monitoring.
• Validate implementation of security controls and compile objective evidence to support security compliance reviews, assessments, and authorization decisions.
• Track POA&M items and remediation actions through closure, coordinating with ISSOs, engineers, and system owners to address non-compliant controls and sustain ATO status.
• Support continuous monitoring activities by documenting control status, approved risk thresholds, and changes affecting system cybersecurity posture under senior guidance.
• Coordinate RMF-related inputs with cybersecurity operations teams supporting classified and unclassified ARNG environments, including systems operating across NIPRNet and SIPRNet mission enclaves.
• Assist with preparation of documentation packages and supporting evidence for submission into eMASS and for review by ISSM and Authorizing Official stakeholders.
• Support compliance reviews tied to evolving guidance, including STIGs, NIST-based security requirements, vulnerability analysis, and associated artifact updates for assigned systems.
• Collaborate with Task 3 Cybersecurity Operations personnel to ensure RMF activities align with broader ENOCS defensive cyberspace operations, 24x7x365 cybersecurity monitoring, and coordination requirements with NETCOM Global Cyber Center and DISA DCDC.