- Develop and provide RMF Assessment and Authorization (A&A) documentation in accordance DoD, NIST, and other governing documents
- Maintain the current, approved Authorization to Operate (ATO) for assigned system
- Gather and/or develop any needed A&A artifacts
- Update artifacts as required ensuring that they are current and document findings in the approved Risk Management Framework (RMF) or similar A&A documentation format provided
- Assist with monitoring and the implementation of security controls
- Perform work within incident management, response, and response coordination
- Gather artifacts/data to support cybersecurity metrics and reporting
- Utilize cybersecurity tools (ACAS, STIG, Trellix ePO, Elasticsearch) to perform verification of operation in accordance with requirements
- Perform accurate and verified risk assessments that cover all of the security controls and policies for key stakeholders
- Track, monitor, and manage the information system’s Plan of Action and Milestones (POA&M) and provide technical assistance as required
- Analyze, verify and update PPSMs as required for programs
- Provide artifacts that support the maintenance of security packages
- Evaluate NIST 800-53 controls for applicability, generate implementation statements, and get implementations approved
- Prepare documents in support of Control Validation Tests (CVTs) to confirm compliance of ATOs submitted for RMF packages
- Perform security audits and vulnerability assessments and develop documentation and reports
- Develop policies, plans and procedures, including Incident Response, Disaster Recovery/Continuity of Operations and Cybersecurity Implementation Plans
- Other duties as assigned
Requirements
Education/Training:
- Bachelor’s Degree in management or other relevant discipline preferred
- Active DoD 8570 IAT Level II certification (ex: Security+) required
Experience:
- 4+ years of general full-time work experience
- 2+ years of professional experience in the required task area
- Experience requirement may be reduced with completion of advanced degree in a relevant field
- Demonstrable understanding of Microsoft Office Suite required
- Experience with Configuration Management processes and workflows required
- Previous experience conducting system and log auditing preferred
- Experience with endpoint security enforcement and validation preferred
- Vulnerability management experience preferred
- Experience with eMASS preferred
- Familiarity with Security Controls Traceability Matrix (SCTM) preferred
Security:
- Must be a US citizen
- Current active clearance at level Secret or higher required
Physical Requirements:
- Able to occasionally reach with hands and arms
- Prolonged periods of computer screen use, while sitting or standing at a desk
- Adhere to safety protocols when in work areas requiring use of PPE (e.g. eyewear, gloves, masks, hearing protection, steel toed shoes, etc.)
- Able to safely lift and carry up to 20 pounds at a time
Benefits
- Health Care Plan (Medical, Dental & Vision)
- Retirement Plan (401k, IRA)
- Life Insurance (Basic, Voluntary & AD&D)
- Paid Time Off (Vacation, Sick & Public Holidays)
- Short Term & Long Term Disability
- Training & Development
- Wellness Resources
Salary: $120,000 -130,000
Salary rates for this position are competitive and commensurate with experience and industry standards. We offer a comprehensive benefits package that may include health insurance, paid time off, and retirement savings options.
