Job Description
We are seeking a Cyber Engineer - RMF to join our team! You will implement security measures for the protection of computer networks and information.
Responsibilities:
Govern and monitor the IT security posture of all unclassified and classified network enclaves and provide authority on Cybersecurity policies.
Manage all steps of the DoD Risk Management Framework (RMF) assess & authorize process.
Develop Plans of Actions and Milestones (POA&M) for registered systems.
Manage and maintain the System Security Plan (SP).
Assess security controls in accordance with NIST SP 800-53.
Possess in-depth knowledge of all NIST and CNSSI publications related to RMF and security controls for national security systems (NSS).
Maintain ISSM and Program Manager (PM) roles within eMASS for client systems.
Register new systems within eMASS as required.
Obtain Interim Authority to Test (IATT) authorization for new systems.
Create Assess-only RMF instances for software packages (NETCOM Certificate of Networthiness replacement).
Develop and maintain System-level artifacts for associated systems within eMASS.
Coordinate the development of technology-level artifacts with other teams.
Advise other teams on STIG compliance and mitigation strategies.
Manage the Authority to Operate (ATO) lifecycle for associated systems, to include coordinating Security Control Assessor – Validation (SCA-V) teams.
Develop and maintain FISMA metrics for DoD Cybersecurity scorecard reporting.
Maintain FISMA metric reporting within the client system.
Advise the client CISO and ISSM of all DoD RMF matters related to associated systems.
Ensure STIG checklists and associated artifacts for all technologies are reviewed, and validation results are posted to the client portal.
Qualifications:
Bachelor’s degree (BA or BS) with 10+ years of overall applicable experience is highly preferred.
Minimum requirement is a HS Diploma with 12+ years of applicable experience.
Interim Top Secret clearance accepted at start, but ultimately requires Top Secret clearance.
Must have Security+ certification (CAP, CND, Cloud+, GSLC, HCISPP, CCNA Security, CySA+, GICSP, GSEC, or SSCP is a plus).
Experience with policy creation, best business practices, and general Cybersecurity governance.
Experience serving as Information System Security Manager Representative (ISSM-R).
Experience creating policy, best business practices, and general Cybersecurity governance.
Full-time