Strategic ACI is seeking a Cybersecurity Compliance Specialist specializing in RMF. The candidate will work as part of a small cybersecurity team. The candidate will manage DoD Risk Management Framework (RMF) processes and will need to be familiar with creating eMASS packages, DISA STIGs, FISMA Compliance Requirements, and the NIST 800 Series, with the DoD ACAS Scanning tool desired.
Provide guidance in developing, reviewing, and maintaining the security body of evidence (BOE), such as Security Plans (SSP), POA&Ms, STIG checklists, and associated artifacts; and provide strategic recommendations in accordance with DoD and Army policies and procedures
Validate resolution of vulnerabilities documented in the POA&M and provide evidence of resolution for approval
Support on-site and remote site accreditation testing for networks at CONUS and OCONUS locations – travel up to 25%
Ensure security-related concerns and incidents are reported to ISSMs and managed in a timely manner
Provide guidance on the NIST SP 800-53 publication for managing security controls
Support the creation or modification of FISMA compliance documentation such as Contingency Plans, Incident Response Plans, Access Control Plans, etc.
Evaluate system risk with respect to operation at the network, system, and application level
Evaluate vulnerability assessment results and STIG results and manage findings in eMASS
Maintain close contact with government POCs to keep abreast of progress, report concerns or issues, and offer COAs as needed.
Active TS/SCI clearance
5+ years of Cybersecurity experience
3+ years proficiency in RMF processes
Experience using and navigating eMASS tool to manage Assessment & Authorization (A&A) process
Possess DoD 8570.01-M IAM Level I or II certifications such as CISSP, CISA, Security+
Proficiency in performing risk-based reviews of Security Authorization Package
Ability to work independently with minimal supervision or guidance.
Understanding of Army IC architectures, policies, and authorities.
Experience with Nessus Scanner
Experience with Security Content Automation Protocol (SCAP) tool
Understanding of DevSecOps, containers, cloud computing infrastructures, platforms, and services