
Cybersecurity RMF Auditor

IndraSoft Alexandria, VA
  • Posted: over a month ago
  • Full-Time
  • Benefits: Vision, Medical, Life Insurance, 401k, Dental

Job Title: Cybersecurity RMF Auditor

Contract Title: Information Assurance/Security Specialist (Master)

Job Number: 5009

Location: Mark Center in Alexandria, VA
Range: Bachelors + 4 years = 8-years of experience

Clearance: Top Secret

Company is willing to sponsor a qualified US Citizen for Top Secret clearance who already possesses an active Secret clearance.

Start Date: Immediate.

POP: 9/23/2019 – 09/22/2021

Alliant Information Technologies, LLC (AIT), a wholly owned subsidiary of IndraSoft, Inc., is seeking a highly qualified RMF Auditor/Assessor with Secret clearance (TS Clearance preferred) to work at the Defense Manpower Data Center (DMDC) in Alexandria, VA. The candidate of choice will be a motivated individual who works well as part of a multi-disciplinary team. The candidate will support RMF assessment packages across the DMDC enterprise, to include government cloud initiatives.


To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Qualifications Required:

· Must be a US citizen, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance.

· Bachelor’s degree plus 4 years of assessment experience, preferably NIST-based Risk Management Framework (RMF). Experience may be substituted for the education requirement: no degree and a minimum of 10 years of assessment experience (w/ RMF and eMASS) will be considered.

· Must have 1 active/current DoD 8570 IAM Level II certification such as: CISSP (or Associate), CAP, CASP+CE, CISM, GSLC, or CCISO.

· Firm understanding of DoD security policies and practices

o Ex: DoD 8510.01 RMF and NIST SP 800-53A.

· Technical knowledge including: Windows, RHEL, networks, and relevant DoD STIGs.

· Excellent written and verbal skills are required.

Qualifications Desired:

· Project Management experience.

· PMP Certification.

· ISSO and/or CISM experience.

· Familiarity with Information Technology components: operating systems/servers, computer networking, switches, routers, racks, firewalls, VPNs, and DoD PKI systems.

Essential Functions and Responsibilities:

· Identify process improvements to the audit processes to take advantage of automated tools wherever possible.

· Assist RMF Manager with the execution of the Risk Management Framework (RMF) across multiple programs in accordance with the National Institute of Standards and Technology (NIST).

· Interface with stakeholders, functional points of contact, and ISSO.

· Directly perform the following:

o Support application and system accreditation packages and ATOs using the DISA Enterprise Mission Assurance Support Service (eMASS).

o Assess the Cyber Security risk of IT systems and applications documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process.

o Assess artifacts and supporting evidence to satisfy all applicable RMF Controls and corresponding Control Correlation Identifiers (CCIs).

o Validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST) and DoD publications.

o Support the development and execution of the Security Assessment Plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and NIST RMF.

o Conduct IAVM reviews; determine applicability through research and coordination, update documentation, track status via defined methods.

o Review STIGs: generate and manage checklists, determine availability of new STIGs, update checklists to new STIG versions.

o Review HW/SW/PPS list and ensure they reflect the components and data flows outlined in the authorization boundary diagram.

o Conduct analyses of ACAS findings relevant to specific RMF controls and boundaries and create associated POA&M.

o Assign risk levels on controls assessed as non-compliant.

o Support on-demand system audits or vulnerability assessments when necessary to determine compliance.

o Conduct manual reviews for non-automatable controls, both technical and administrative.

o Support the preparation of detailed documentation such as a Security Assessment Plan, Security Assessment Report, Kickoff and Outbrief presentations.

o Support the preparation of or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks.

Non-Essential Functions:

· Additional responsibilities as assigned by management.

Physical Demands:

While performing duties of the job, incumbent will be exposed to normal demands associated with an office environment. Ability to work on computer for long periods, and communicate with individuals by telephone, email and face to face. This position requires incumbent to have the ability to stand, walk, sit, use hands to finger, handle or feel objects, tools, or controls, reach with hands and arms, talk and hear. Employee must occasionally lift and/or move up to 20 pounds. Specific vision abilities required by job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust and focus.

Work Environment: The noise level in the work environment is usually moderate.


Leading Innovation and High Quality Information Technology Services

Since 2002, IndraSoft has successfully provided IT solutions to major customers that include the U.S. Air Force, Defense Logistics Agency, USTRANSCOM, U.S. Marine Corps, Environmental Protection Agency, Department of State, and Department of Justice. Our professional staff has broad software and network experience and expertise that include software and network engineering, development, sustainment, migration, integration, training, help desk support, testing and operational support. We follow a well-defined process to understand the customer’s information technology needs and then provide timely and affordable solutions that meet those needs. IndraSoft is a certified small business, woman and minority-owned corporation. IndraSoft’s proven leadership in IT systems, exceptional customer service, and solid hands-on technical expertise has made way for its leading innovation and quality IT services.

