Yesterday
Top Secret/SCI
Senior Level Career (10+ yrs experience)
Unspecified
No Traveling
Intelligence
Va Bch, VA (On-Site/Office)
This position is contingent upon funding with an expected start date of December 2025
TS/SCI Clearance required
SRG is seeking an Intelligence Security Specialist to manage Risk Management Framework (RMF) activities, focusing on Step 5 authorization and continuous monitoring. Key tasks include conducting STIG assessments, performing vulnerability assessments with ACAS, managing RMF packages via eMASS or XACTA, and developing POA&Ms. You'll also support RMF Step 5 authorizations, provide risk reduction recommendations, manage privileged user compliance, and ensure adherence to Navy and DoD policies on removable media. This role offers the chance to make a significant impact in cybersecurity and RMF.
On-site only, no telework.
Position Responsibilities:
Perform RMF activities throughout all lifecycle phases, with a focus on Step 5 authorization and continuous monitoring support.
Conduct STIG assessments using SCAP benchmarks and Evaluate STIG to ensure compliance with DoD security requirements.
Perform vulnerability assessments utilizing the Assured Compliance Assessment Solution (ACAS) and recommend mitigation strategies.
Utilize eMASS or XACTA for managing RMF packages, documenting artifacts, and supporting ATO processes.
Develop and maintain Plans of Action and Milestones (POA&Ms), ensuring accuracy and timely updates.
Support RMF Step 5 authorizations in the role of an Information System Security Engineer (ISSE) or Information System Security Officer (ISSO).
Provide clear, actionable risk reduction recommendations to technical and non-technical stakeholders.
Manage privileged user compliance documentation, Cybersecurity Workforce (CSWF) training, and certification tracking.
Research, interpret, and communicate Cyber Task Orders (CTOs), ensuring proper implementation and documentation.
Track RMF documentation requirements and coordinate updates with system owners and responsible POCs.
Review Interconnection Security Agreements (ISAs) to verify technical details and compliance with ATO boundaries.
Maintain tracking, control, and destruction of removable media in accordance with Navy and DoD policies.
Required Qualifications:
Active TS/SCI security clearance
Bachelor of Science in Information Systems, Information Technology, Computer Science, or Computer Engineering plus 10 years of experience or MS plus 8 years of relevant experience. 15 years of documented relevant experience can be substituted in lieu of the degree; however, all other certifications are required.
DoD Approved 8570 Baseline Certification: Category IAT Level II (One of the Following):
CCNA Security
CySA+
GICSP
GSEC
Security+ CE
SSCP
CND
CASP+ CE
CCNP Security
CISA
CISSP (or Associate)
GCED
GCIH
CCSP
Minimum of 10 years of full-time professional experience in Risk Management Framework (RMF) activities.
Demonstrated experience in:
Conducting STIG assessments using SCAP/Evaluate STIG.
Performing vulnerability assessments with ACAS.
Using eMASS or XACTA for RMF package tracking.
Developing and managing POA&M entries.
Supporting RMF Step 5 authorizations as an ISSE or ISSO.
Communicating risk reduction strategies to stakeholders.
Managing privileged user documentation, CSWF requirements, and compliance training.
Interpreting and implementing Cyber Task Orders (CTOs).
Maintaining and reviewing ISAs.
Handling removable media inventories and destruction in compliance with security policies.