Risk Management Framework Specialist

BB6 Defense

Springfield, VA
Full Time
Paid
  • Responsibilities

    Benefits:

    401(k) matching

    Competitive salary

    Dental insurance

    Health insurance

    Opportunity for advancement

    Paid time off

    Training & development

    Tuition assistance

    Vision insurance

    Wellness resources

    BB6 is looking for an amazingly talented Risk Management Framework Specialist to join our team!

    Required Skills You'll Bring:

    Active TS/SCI.

    Ability to obtain and maintain a CI POLY.

    Bachelor's degree or equivalent experience in a related field.

    7 - 10 years of relevant work experience.

    What You'll Be Doing:

    Prepare security documentation for seven systems, including the test plan, security plans, hardware list, software list, data flow diagrams, standard operating procedures, policies, network diagrams, and topological drawings that illustrate the interconnection between the systems and/or networks.

    Ensure proper use of remote access connectivity from Customer to the Personnel Security and Background Investigation systems approved by Customer’s CIO and Information Technology Services Directorate (CIO-T) office and maintained in accordance with Customer’s policy and procedures.

    Services offered: ensure the File Transfer Protocol (FTP) connections from the Customer to the Background Information system meet Customer and National Institute of Standards and Technology (NIST) requirements.

    Data sensitivity: coordinating the use of multiple security countermeasures to protect the integrity of the information assets in the enterprise is the overarching goal, in addition to protecting the data and ensuring data sensitivity is being enforced.

    Ensure the user community of this network is in conformance with all computing standards of the Customer.

    Information exchange security: ensure the site-to-site VPN tunnels are established based on Customer and Department of Defense (DoD) requirements.

    Rules of behavior: for the Personnel Security and Background Investigation systems, ensure that users are protecting the data in accordance with the Customer and DoD policies, standards, regulations, and procedures for the specified systems.

    Formal security policy and procedures: ensure investigation operations follow accreditation standards using Intelligence Community Directive (ICD) 503, RMF, and the categorization levels of High Confidentiality, High Integrity, and Moderate Availability. The contractor is expected to protect the Background Investigation systems through implementation of security controls that protect against malicious behavior, including intrusion, tampering, and viruses, between the two systems.

    Audit trail responsibility: provide a means to detect, prevent, record in an audit trail, and report to the Information System Security Officer (ISSO) any attempts by non-authorized users to access the system. Provide audit logs to the Customer monthly.

    Ensure that the security parameter controls identified by the Customer are augmented by policies and procedures.

    Ensure the security categorization of High Confidentiality, High Integrity, and Moderate Availability, based on the information types, is followed.

    Training and awareness of the system: contractors are required to complete annual refresher IT Security Awareness training as well as additional security training based on their Security Specialist roles and responsibilities.

    Specific equipment restrictions: documentation of all interconnections is required for all systems.

    Ensure no personal computers or other agency computers will be used across the interconnection or on the Customer Networks.

    As part of the monthly report, conduct vulnerability scans bi-weekly and Security Technical Implementation Guide (STIG) system scans every three months, and provide the results of the scans.

    Minimum Clearance Required to Start:

    Top Secret