02 Sep
Senior Cybersecurity / Risk Management Framework Information Assurance Engineer (Alternate Contract Manager)
Vacancy expired!
Job Description
This position is responsible for a full range of Cybersecurity / Risk Management Framework Information Assurance functions (outlined below) in support of the command’s mission and to ensure compliance with instructions, regulations, memorandums and procedures from higher echelons within the Department of Defense (DOD).
Duties & Responsibilities- Provide cyber posture of systems within the Authority to Operate (ATO) at Risk Management Framework Authorization and Accreditation (A&A) meetings with the command
- Assist the command with the development of Cybersecurity policies and procedures
- Perform assessment of selected security controls required to support the Security Control Assessor (SCA) during preparation of Security Assessment Report (SAR)s
- Use command scanning tools, such as Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) to scan the environment and prepare Risk Assessment Report (RAR) containing the results of all security testing, STIGs, and applicable automated vulnerability scans
- Identify and document mitigations for any unfixable non-compliant findings to determine residual discoveries and risk that must be addressed and documented within A&A packages
- Perform RMF (6)-Step Process IAW DODI 8510.01
- Provide recommendations for DISA STIG implementation and risk mitigations
- Prepare and deliver A&A Project Plans
· Prepare and deliver System Security Plans (SSP) IAW NIST SP 800-53.
- Maintain the current baseline of system software (SW) and hardware (HW) within eMASS
- Maintain awareness of DOD strategy and plans for structure to support enterprise architecture and requirements toolsets
- Develop and deliver Plans of Actions and Milestones (POA&M)s for mitigating and resolving cyber risks
- Attend A&A meetings and provide expertise in support of the selection of Cybersecurity controls for the SSP
- Research and prepare supporting Information Assurance (IA) material for Information Technology Procurement Requests (ITPR) including authoring and submission.
- Management and maintenance of systems from initiation todecommission to include requirements to satisfy the “assess and authorize” events utilizing:
- NIST SP 800-53 Security and Privacy Controls for Federal Information Systems and Organizations, current edition
- NIST SP 800-37 Guide for Applying the Risk Management Framework to Federal Information Systems
- NIST SP 800-30 Guide for Conducting Risk Assessments, current edition
- NIST SP 800-39 Managing Information Security Risk, current edition
- Committee on National Security Systems Instruction 1253, Security Categorization and Control Selection for National Security Systems, March 15, 2012 as amended.
- Subchapter III of chapter 35 of Title 44, United States Code (also known as the Federal Information Security Management Act (FISMA of 2002)
- NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems Organizations, current edition
Qualifications
- Must be a U.S. Citizen; Top Secret Clearance required.
- 7+ yearsof complex Cybersecurity or Information Assurance experience; including Risk Management Framework
- Knowledge of the eMASS, Assured Compliance Assessment Solution (ACAS) and Security Content Automation Protocol (SCAP) tools
- Ability to detect, research and remediate technical discrepancies.
- Skilled in using MS Office Applications, Excel, Word, PowerPoint and Email
- Must have ability to communicate professionally and effectively in both oral and written form.
- Organized work habits, self-motivated and superb customer service; proactive in planning skills and problem-solving.
- Must be able to lift up to 55 lbs. without assistance. This including standing, walking, bending, twisting, and performing a variety of other physical functions on a consistent basis.
Additional Information
Company OverviewAgil3 Technology Solutions LLC ("A3T") is a Northern Virginia based, ISO 9001:2018, ISO 20000 & ISO 27001 Certified, 8a, Women-Owned (WOSB) and Service-disabled Veteran-Owned (SDVOSB) small business established in 2012. A recent recipient of the prestigious Washington Technology, TOP 50 (ranking #9), A3T is experiencing industry leading recognition and growth. In addition to the CEO’s recognition as an “All-Star Entrepreneur”, A3T is recognized by Inc Magazine as one of the fastest growing companies in the country, by Vet 50, as Fastest Growing Veteran-Owned Businesses, and is Featured in CyberSecurity Ventures / Cybercrime Magazine! “As a go-to Women-Owned Cybersecurity company in US and internationally”. As part of our growth, we are looking for a YOU to join our growing team.
A3T offers excellent benefits to enhance the work-life balance, these include the following:
- Medical Insurance
- Dental Insurance
- Vision Insurance
- Life Insurance
- Short Term & Long-Term Disability
- 401k Retirement Savings Plan with Company Match
- Paid Holidays
- Paid Time Off (PTO)
- Tuition and Professional Development Assistance
- Parking/TravelReimbursement (metropolitan areas)
It is the policy of A3T to provide equal opportunity in recruiting, hiring, training, and promoting individuals in all job categories without regard to race, color, religion, national origin, gender, age, disability, genetic information, veteran status, sexual orientation, gender identity, or any other protected class or category as may be defined by federal, state, or local laws or regulations.
Vacancy expired!