DoD RMF Security Engineer

Prism, Inc.

Today
Secret
Unspecified
Unspecified
IT - Security
Alexandria, VA (On-Site/Office)

The role requires:
- 5 years of experience
- Secret / Tier 3
- Primary Location: Alexandria, VA - Hybrid (occasional on-site required)

Skills
- Authority to Operate (ATO)
- Business Writing
- Cloud Security
- Communications Planning
- CompTIA Security+
- Cyber Risk
- Cybersecurity
- Enterprise Mission Assurance Support Service (eMASS)
- Information Security Engineering
- IT Security
- NIST 800-53
- Plan Of Action And Milestones (POA&M)
- Risk Management Frameworks
- RMF
- Security Engineering
- Security Operations
- Security Technical Implementation Guides (STIGs)
- System Security Plan (SSP)

Description

This position is for an RMF security engineer and requires 5 years of experience with RMF / security engineering. Provides end-to-end A&A support for DoD cybersecurity, privacy, and financial controls implementation, testing, monitoring, and enforcement. Interprets risks and recommends approaches to meeting DoD compliance and cybersecurity requirements in accordance with NIST Risk Management Framework (RMF) Controls and DoD Policy.

Preferred candidates must have:
  • Experience in mapping, implementing, interpreting, and documenting RMF security controls
  • Experience managing the eMASS cybersecurity management tool
  • Experience developing and submitting at least six (6) ATO packages
  • Secret Clearance

Additional requirements include:

- Thorough understanding of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the federal government, including knowledge of all phases of the RMF lifecycle.

- Proven experience in assisting client risk management tasks, such as managing POA&M, conducting Security Tests and Evaluations (ST&E), creating system documentation, performing authorizations, carrying out risk assessments, handling third-party audits, ensuring compliance with NIST 800-53 standards, and performing threat assessments according to the RMF lifecycle and processes.

- Demonstrated proficiency in planning and monitoring security control implementation for the protection of networks, enclaves, and information systems.

- Strong communication abilities, including working closely with highly technical administrators to enhance overall security measures.

- Ability to generate and interpret ACAS scans to identify system vulnerabilities and monitor remediation efforts or mitigation strategies.

- Working knowledge and experience implementing and evaluating manual Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), and SCAP Compliance Checker (SCC).

- Working knowledge of common assessment & authorization (A&A) application platforms (e.g., eMASS, CSAM, Xacta).

- Previous experience in a technical role such as a system or network administrator is a plus.
group id: PRISMVA

Job Category
IT - Security
Clearance Level
Secret
Employer
Prism, Inc.