Develop and provide RMF Assessment and Authorization (A&A) documentation in accordance with DoD, NIST, and other governing documents
Maintain the current, approved Authorization to Operate (ATO) for assigned system
Gather and/or develop any needed A&A artifacts
Update artifacts as required, ensuring that they are current, and document findings in the approved Risk Management Framework (RMF) or similar A&A documentation format provided
Assist with monitoring and the implementation of security controls
Perform work within incident management, response, and response coordination
Gather artifacts/data to support cybersecurity metrics and reporting
Utilize cybersecurity tools (ACAS, STIG, Trellix ePO, Elasticsearch) to perform verification of operation in accordance with requirements
Perform accurate and verified risk assessments that cover all of the security controls and policies for key stakeholders
Track, monitor, and manage the information system's Plan of Action and Milestones (POA&M) and provide technical assistance as required
Analyze, verify and update PPSMs as required for programs
Provide artifacts that support the maintenance of security packages
Evaluate NIST 800-53 controls for applicability, generate implementation statements, and get implementations approved
Prepare documents in support of Control Validation Tests (CVTs) to confirm compliance of ATOs submitted for RMF packages
Perform security audits and vulnerability assessments and develop documentation and reports
Develop policies, plans and procedures, including Incident Response, Disaster Recovery/Continuity of Operations and Cybersecurity Implementation Plans
Other duties as assigned
Requirements
Education/Training:
Bachelor's Degree in management or other relevant discipline preferred
Active DoD 8570 IAT Level II certification (e.g., Security+) required
Experience:
4+ years of general full-time work experience
2+ years of professional experience in the required task area
Experience requirement may be reduced with completion of advanced degree in a relevant field
Demonstrable understanding of Microsoft Office Suite required
Experience with Configuration Management processes and workflows required
Previous experience conducting system and log auditing preferred
Experience with endpoint security enforcement and validation preferred
Vulnerability management experience preferred
Experience with eMASS preferred
Familiarity with Security Controls Traceability Matrix (SCTM) preferred
Security:
Must be a US citizen
Current active clearance at level Secret or higher required
Physical Requirements:
Able to occasionally reach with hands and arms
Prolonged periods of computer screen use, while sitting or standing at a desk
Adhere to safety protocols when in work areas requiring use of PPE (e.g. eyewear, gloves, masks, hearing protection, steel toed shoes, etc.)
Able to safely lift and carry up to 20 pounds at a time
Benefits
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k, IRA)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off (Vacation, Sick & Public Holidays)
Short Term & Long Term Disability
Training & Development
Wellness Resources
Salary: $120,000 - $130,000
Salary rates for this position are competitive and commensurate with experience and industry standards. We offer a comprehensive benefits package that may include health insurance, paid time off, and retirement savings options.