Job Title: Cybersecurity RMF Auditor
Contract Title: Information Assurance/Security Specialist (Master)
Job Number: 5009
Location: Mark Center in Alexandria, VA
Range: Bachelors + 4 years = 8-years of experience
Clearance: Top Secret
Company is willing to sponsor a qualified US Citizen for Top Secret clearance who already possesses an active Secret clearance.
Start Date: Immediate.
POP: 9/23/2019 – 09/22/2021
Alliant Information Technologies, LLC (AIT), a wholly owned subsidiary of IndraSoft, Inc., is seeking a highly qualified RMF Auditor/Assessor with Secret clearance (TS Clearance preferred) to work at the Defense Manpower Data Center (DMDC) in Alexandria, VA. The candidate of choice will be a motivated individual who works well as part of a multi-disciplinary team. The candidate will support RMF assessment packages across the DMDC enterprise, to include government cloud initiatives.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
· Must be a US citizen, possess a Secret Clearance, and be willing to acquire and maintain a DoD Top Secret clearance.
· Bachelor’s degree plus 4 years of assessment experience, preferably NIST-based Risk Management Framework (RMF). Experience may be substituted for the education requirement: no degree and a minimum of 10 years of assessment experience (w/ RMF and eMASS) will be considered.
· Must have 1 active/current DoD 8570 IAM Level II certification such as: CISSP (or Associate), CAP, CASP+CE, CISM, GSLC, or CCISO.
· Firm understanding of DoD security policies and practices
o Ex: DoD 8510.01 RMF and NIST SP 800-53A.
· Technical knowledge including: Windows, RHEL, networks, and relevant DoD STIGs.
· Excellent written and verbal skills are required.
· Project Management experience.
· PMP Certification.
· ISSO and/or CISM experience.
· Familiarity with Information Technology components: operating systems/servers, computer networking, switches, routers, racks, firewalls, VPNs, and DoD PKI systems.
Essential Functions and Responsibilities:
· Identify process improvements to the audit processes to take advantage of automated tools wherever possible.
· Assist RMF Manager with the execution of the Risk Management Framework (RMF) across multiple programs in accordance with the National Institute of Standards and Technology (NIST).
· Interface with stakeholders, functional points of contact, and ISSO.
· Directly perform the following:
o Support application and system accreditation packages and ATOs using the DISA Enterprise Mission Assurance Support Service (eMASS).
o Assess the Cyber Security risk of IT systems and applications documenting them in formal risk assessments and supporting artifacts associated with the Assessment & Authorization (A&A) process.
o Assess artifacts and supporting evidence to satisfy all applicable RMF Controls and corresponding Control Correlation Identifiers (CCIs).
o Validate appropriate implementation of security controls in accordance with National Institute of Standards and Technology (NIST) and DoD publications.
o Support the development of and execution of the Security Assessment Plans to ensure proper orchestration of testing procedures in accordance with requirements set forth by DoD and NIST RMF.
o Conduct IAVM reviews; determine applicability through research and coordination, update documentation, track status via defined methods.
o Review STIGs: checklist generation and management, determine availability of new STIGs, update checklists to new STIG versions.
o Review HW/SW/PPS lists and ensure they reflect the components and data flows outlined in the authorization boundary diagram.
o Conduct analyses of ACAS findings relevant to specific RMF controls and boundaries and create associated POA&M.
o Assign risk levels on controls assessed as non-compliant.
o Support on-demand system audits or vulnerability assessments when necessary to determine compliance.
o Conduct manual reviews for non-automatable controls, both technical and administrative.
o Support the preparation of detailed documentation such as a Security Assessment Plan, Security Assessment Report, Kickoff and Outbrief presentations.
o Support the preparation of or update the Plan of Action and Milestones (POA&M) to document all known vulnerabilities to correct or mitigate risks.
· Additional responsibilities as assigned by management.
While performing the duties of the job, the incumbent will be exposed to normal demands associated with an office environment. The position requires the ability to work on a computer for long periods and to communicate with individuals by telephone, email and face to face. This position requires the incumbent to have the ability to stand, walk, sit, use hands to finger, handle or feel objects, tools, or controls, reach with hands and arms, talk and hear. The employee must occasionally lift and/or move up to 20 pounds. Specific vision abilities required by the job include close vision, distance vision, color vision, peripheral vision, depth perception and the ability to adjust and focus.
Work Environment: The noise level in the work environment is usually moderate.