Yesterday
Secret
Mid Level Career (5+ yrs experience)
$115,000
Engineering - Systems
Apra, Harbor, Guam (On-Site/Office)
*Must currently be local to Guam or be willing to permanently relocate to be considered. Secret
Clearance required.
The Government seeks a Risk Management Framework (RMF) support specialist to provide Facility Related Control System (FRCS) security engineering support in Guam to achieve and maintain Authorizations to Operate (ATOs). The contractor shall be responsible for creating and maintaining RMF artifacts and shall implement security controls, patch vulnerabilities on network devices, and resolve system security engineering concerns to ensure cyber compliance and readiness for the NAVFAC Marianas Facility Engineering Command (FEC) in Guam.
Resources will need to be onsite as required to support mission requirements. The requisite duties, knowledge, and experience are detailed below:
• Complete System / Mission decomposition to identify system components critical to priority mission functions.
• Work with CYBERSAFE team to complete grading of Facility Related Control Systems (FRCS).
• Report ongoing Risk Management Framework (RMF) package progress regularly to ISSM, HQ teams and various leadership personnel throughout NAVFAC Enterprise.
• Support government personnel in providing technical capabilities to assist with the development of custom mitigations to challenging technical requirements.
• Use collected system information and interviews with Subject Matter Experts (SMEs) and various system personnel to review artifacts for compliance, completeness, and quality in support of successful ATOs and ongoing maintenance.
RMF Artifacts include but aren’t limited to:
• Hardware and Software Lists
• Network diagrams in accordance with (IAW) with NAVFAC FRCS Diagram Requirements Job Aid
• Ports, Protocols, and Services Management (PPSM) forms
• Categorization Forms
• Cybersafe Grading Checklists
• Criticality Analysis Checklist (if applicable)
• Security Plan (SP)
• Security Assessment Plan (SAP)
• System specific policies IAW NIST 800-53 control families
• Implementation and System Level Continuous Monitoring (SLCM) Plans
• Raw vulnerability scan results
• Security Center generated reports
• Manual Security Technical Implementation Guide (STIG) and Security
Requirements Guide (SRG) checklists (CKLs)
Contractor performs all necessary tasks to support RMF packages, including uploading artifacts into eMASS in the proper format to support initial RMF authorization, maintenance, or reauthorization efforts.
Duties include:
• Implementing security controls in accordance with STIGs and SRGs
• Patching vulnerabilities on IT/networking devices and all IP-based controllers
• Conducting vulnerability scanning of all IP devices and generate reports
• Completing manual STIG checklists (CKLs) according to the approved SAP
• eMASS tasks such as inputting test results, uploading scan results, mapping vulnerabilities to controls, updating and maintaining POA&Ms, and processing eMASSworkflows
• Providing on-site validation support
• Facilitating and managing change requests and authorization boundary changes with Operational Technology Design Authority (OTDA)
• Collaborating with multiple departments to perform scanning and patching to include intermittent nationwide travel according to multiple site requirements and availability
In addition to RMF support, Contractor will be responsible for the following duties:
• Manage IP schemas.
• Account management.
• Manage and maintain windows servers and clients.
• Ensure standardization of network device configuration and compliance with DISA STIG requirements
• Provide system administration support for the electrical meter collection and analysis software packages and database requirements.
Preferred Qualifications (Desired):
• Bachelor degree in IT/Cybersecurity related field
• Experience with implementing Security Technical Implementation Guides (STIGs) and Security
Requirement Guides (SRGs)
• Experience conducting ACAS scans and generating reports
• Knowledge of industrial communication protocols
• Knowledge of HVAC Systems equipment and operation
• Knowledge of HVAC Control Systems
• Knowledge of utility information systems and energy-management technologies
• Five (5) years of related experience and/or training including military or civilian experience
• Problem-solving skills and attention to detail
Clearance required.
The Government seeks a Risk Management Framework (RMF) support specialist to provide Facility Related Control System (FRCS) security engineering support in Guam to achieve and maintain Authorizations to Operate (ATOs). The contractor shall be responsible for creating and maintaining RMF artifacts and shall implement security controls, patch vulnerabilities on network devices, and resolve system security engineering concerns to ensure cyber compliance and readiness for the NAVFAC Marianas Facility Engineering Command (FEC) in Guam.
Resources will need to be onsite as required to support mission requirements. The requisite duties, knowledge, and experience are detailed below:
• Complete System / Mission decomposition to identify system components critical to priority mission functions.
• Work with CYBERSAFE team to complete grading of Facility Related Control Systems (FRCS).
• Report ongoing Risk Management Framework (RMF) package progress regularly to ISSM, HQ teams and various leadership personnel throughout NAVFAC Enterprise.
• Support government personnel in providing technical capabilities to assist with the development of custom mitigations to challenging technical requirements.
• Use collected system information and interviews with Subject Matter Experts (SMEs) and various system personnel to review artifacts for compliance, completeness, and quality in support of successful ATOs and ongoing maintenance.
RMF Artifacts include but aren’t limited to:
• Hardware and Software Lists
• Network diagrams in accordance with (IAW) with NAVFAC FRCS Diagram Requirements Job Aid
• Ports, Protocols, and Services Management (PPSM) forms
• Categorization Forms
• Cybersafe Grading Checklists
• Criticality Analysis Checklist (if applicable)
• Security Plan (SP)
• Security Assessment Plan (SAP)
• System specific policies IAW NIST 800-53 control families
• Implementation and System Level Continuous Monitoring (SLCM) Plans
• Raw vulnerability scan results
• Security Center generated reports
• Manual Security Technical Implementation Guide (STIG) and Security
Requirements Guide (SRG) checklists (CKLs)
Contractor performs all necessary tasks to support RMF packages, including uploading artifacts into eMASS in the proper format to support initial RMF authorization, maintenance, or reauthorization efforts.
Duties include:
• Implementing security controls in accordance with STIGs and SRGs
• Patching vulnerabilities on IT/networking devices and all IP-based controllers
• Conducting vulnerability scanning of all IP devices and generate reports
• Completing manual STIG checklists (CKLs) according to the approved SAP
• eMASS tasks such as inputting test results, uploading scan results, mapping vulnerabilities to controls, updating and maintaining POA&Ms, and processing eMASSworkflows
• Providing on-site validation support
• Facilitating and managing change requests and authorization boundary changes with Operational Technology Design Authority (OTDA)
• Collaborating with multiple departments to perform scanning and patching to include intermittent nationwide travel according to multiple site requirements and availability
In addition to RMF support, Contractor will be responsible for the following duties:
• Manage IP schemas.
• Account management.
• Manage and maintain windows servers and clients.
• Ensure standardization of network device configuration and compliance with DISA STIG requirements
• Provide system administration support for the electrical meter collection and analysis software packages and database requirements.
Preferred Qualifications (Desired):
• Bachelor degree in IT/Cybersecurity related field
• Experience with implementing Security Technical Implementation Guides (STIGs) and Security
Requirement Guides (SRGs)
• Experience conducting ACAS scans and generating reports
• Knowledge of industrial communication protocols
• Knowledge of HVAC Systems equipment and operation
• Knowledge of HVAC Control Systems
• Knowledge of utility information systems and energy-management technologies
• Five (5) years of related experience and/or training including military or civilian experience
• Problem-solving skills and attention to detail
group id: 91129865
