RMF Security Engineer (Secret)
- Expired: over a month ago. Applications are no longer accepted.
The RMF Security Engineer provides cybersecurity expertise and leadership to a team supporting the Defense Information Systems Agency (DISA) technology infrastructure. Executes multiple RMF packages in support of DoDNet on a technically diverse platform. This is a lead position and oversees the team. This role is the primary customer contact for RMF, using standard tools such as eMASS and ACAS scan results, and manages the reporting process for the team. Assesses system risks and facilitates remediation of security vulnerabilities. Reports on findings and provides recommendations for corrective actions. Interfaces with governance teams in the organization. Performs vulnerability assessments as assigned, utilizing IT security tools and methodologies, and is responsible for the upkeep of the security posture of the environment.
Education and Experience:
- Bachelor’s Degree
- 6+ years of experience in NIST RMF implementation
- Experience in eMASS, RMF, ACAS from an analytical perspective
- Experience leading RMF and cyber security teams and working packages to completion
- CISSP or equivalent certifications needed or equivalent specialty experience
- CISSP (or appropriate DoDM 8570 Baseline Certification)
- Remedy/ServiceNow experience a plus
- IAT Level II certification is required before start
· Analyze Assured Compliance Assessment Solution (ACAS) scans to determine infrastructure vulnerability state and develop highly customizable reports for briefings to DISA's leaders
· Oversee NIST RMF activities across a technically diverse set of efforts to achieve or maintain ATO status
· Experience managing complex POAMs of technically diverse efforts
· Analyze ACAS findings for determination of false positives, impact to customer system, identification of risk level adjustment, and provision of recommendations and tracking to closure.
· Implements and enforces all DoDNet cybersecurity policies and procedures located in the Enterprise Mission Assurance Support Service (eMASS) and in the Defense Enterprise Portal Service (DEPS), as defined by cybersecurity-related documentation.
· Collaborate with internal and external SMEs and senior-level Government customers to determine the best courses of action in preparation for IT audits, risk assessments, and regulatory requirements.
· Conduct cybersecurity research and analysis to support DISA's Configuration Control Board.
· Coordinate with government counterparts to support expert provisioning Remedy ITSM ticket management and customer support.
· Coordinate with customers and the AO to troubleshoot RMF issues, identify root causes, and provide solutions.
· Reporting security status to key stakeholders
· Perform all other duties as assigned
· Strong writing and communication skill set is a must, as this position is the lead on the RMF Weekly Status Report, Monthly Status Report, Quarterly Status Report, and Metrics on RMF, and contributes to a weekly customer-led cybersecurity briefing
Knowledge and Skills:
- ACAS analysis
- NIST control documentation and ATO Packages
- RMF documentation
- IAVA reporting
- eMASS and POAM tracking
- Excellent verbal and written communication skills
- Ability to organize and facilitate planning and demonstrations
- Ability to track, manage, and ensure project tasks are completed in a timely manner
- Accreditation Status
- STIG Compliance
- Recommended Disconnection Notices
- Enterprise Servers Vulnerabilities
- Infrastructure Devices vulnerabilities
- Assessment and Authorization (A&A) Visits
- Information Assurance Vulnerability Management (IAVM) Release Notifications
- Audit Findings
- Directives and Orders
- DoD Cybersecurity Scorecard
- RMF Transition Status
- Must be US Citizen
This position will involve minimal travel
Address: Fort George Meade, MD