Information System Security Engineer / RMF Documentation Specialist

Systems Technology Forum

Chesapeake, VA
Full Time
Paid
  • Responsibilities

    Job Description

    ** ACTIVE CLEARANCE REQUIRED

    COMPANY OVERVIEW

    Systems Technology Forum LTD (STF) is an established industry partner with a passion for exceptional performance and an unwavering commitment to our clients. As a premier provider of management, engineering, information technology, and logistics services, STF is committed to delivering high-quality systems engineering, technical and professional support services that meet and exceed deliverable requirements.

    STF offers superior out-of-the-box solutions to end-to-end problems and customer-centric support to the United States Government, Military, Department of Defense (DoD), and other federal agencies.

    JOB SUMMARY

    This is not a management position, and the candidate should possess the skills and experience of an individual who can perform the work with little supervision. The candidate will be a member of a team. The individual will provide a full range of Cybersecurity A&A services under the RMF process.

    RESPONSIBILITIES AND DUTIES

    • Author DoD IA Assessment and Accreditation (A&A) artifacts including Information System Categorization forms, software and hardware lists, topologies, control family plans, contingency plans, incident response plans, disaster recovery plans, IAVM plans, Conditional Authorization Requests, Delay to Disconnect letters, STIG, ACAS scan results, applicable waivers, System Level Continuous Monitoring Strategy, Privacy Impact Assessment, Plans of Action and Milestones (POA&M) entries with applicable mitigations and risk assessment fields thoroughly populated, and the system Ports, Protocols, Services, Management (PPSM) worksheet.
    • Document a system from an IA perspective using Microsoft Office including MS Word, MS Excel, MS Visio and other appropriate tools.
    • Submit the documentation in the eMASS workflow through the Security Control Assessor (SCA) to the relevant Authorizing Official (AO), and gain Authority to Operate (ATO) for MSC IT Systems and Sites.
    • Lead the research, recommend and document logical and physical solutions that prevent, detect and correct the system to be authorized and accredited.
    • Research, document and remediate/mitigate DISA Security Technical Implementation Guides (STIGs) findings.
    • Research, document and remediate/mitigate vulnerabilities from Assured Compliance Assessment Solution (ACAS) scans.
    • Lead the identification of disagreements between as-built specifications, security requirements and DoD security policies and design implementations to bring the system into compliance.
    • Plan, develop, execute and document results of security test procedures.
    • Lead the technical support effort in identifying and specifying requirements and performing risk assessments.
    • Maintain the authorizations of MSC sites and systems. Evaluate security posture changes based on any functional changes/upgrades made throughout the lifecycle of the system(s), accomplished per delivery schedule and for inputting into the system or site POA&M.
    • Provide Annual Security Review (ASR) updates for input into Enterprise Mission Assurance Support Services (eMASS) per delivery schedule and for inputting into the system or site POA&M.

    • Support the A&A process, including analyzing and development of policies, procedures, POAMs, System Validation.
    • Test and validate security controls in eMASS.
    • Work with the System Owners and Stakeholders for planning the assessment of information systems, system categorization and selection and tailoring of security controls.
    • Work with system owners to resolve POAM findings.
    • Perform in-depth reviews of RMF artifacts.
    • Develop Plan of Actions & Milestones (POA&Ms) for each non-compliant control, STIG Finding or ACAS Scan Finding.
    • Perform Traceability analysis between Controls, POAM, STIG Checklist, Diagrams and Hardware / Software Lists.
    • Produce System Diagrams (Architecture, System Boundary and Data Flow).
    • Knowledge of cybersecurity assessment and authorization (A&A) and associated processes, procedures, and activities in accordance with DoDI 8500.01, DoDI 8551.01, and other applicable NIST instructions, guidelines.
    • Experience supporting the formal Cybersecurity/IA testing required by government accrediting authorities, and preparing System Security Plans.
    • Analysis of ACAS Scan Reports and STIG Checklists to determine validity.
    • Hands-on experience with tools such as Assured Compliance Assessment Solution (ACAS).
    • Exceptional communication abilities, both verbal and written, including technical writing on complex topics.
    • Technical understanding of supporting security initiatives, conducting security monitoring, reporting and maintaining security compliance following security regulations and policies.

    QUALIFICATIONS AND SKILLS

    REQUIRED KNOWLEDGE AND YEARS OF EXPERIENCE

    5 years of relevant experience.

    • Possess an in-depth understanding and experience working in Risk Management Framework (RMF), Enterprise Mission Assurance Support Service (eMASS) and utilizing the Security Control Assessor’s (SCA) RMF A&A Testing Guidance.
    • The ability to communicate clearly and succinctly in written and oral presentations. Experience in eMASS.
    • Document a system from an IA perspective using Microsoft Office including MS Word, MS Excel, MS Visio and other appropriate tools.
    • DISA STIG Viewer
    • Vulnerator
    • eMaster
    • Microsoft Office Suite (Excel, Word, PowerPoint, VISIO)
    • Experience with eMASS (POAM, Control Assessment, Work Flows)
    • DADMS/DITPR-DON
    • Assured Compliance Assessment Solution (ACAS)
    • Technical knowledge and skills in one of the following areas: Cybersecurity assessment, vulnerability scanning, integration and testing.
    • Hold an active security certification that meets DOD 8570 IAT level II or higher, such as CASP+ ce and Navy Qualified Validator (NQV).

    EDUCATION REQUIREMENTS

    BS Degree (or equivalent) in Cybersecurity, Information Security, Network Engineering, Computer Science or a related field. Additional years of experience and Cybersecurity certification may be considered in lieu of a degree.

    CERTIFICATIONS

    • CASP+ CE (required) or CISSP, must be current.
    • Navy Qualified Validator Level II is preferred in conjunction with IAM LEVEL II or III certification.

    CLEARANCE REQUIREMENT

    Secret Clearance Required

    BENEFITS AND PERKS

    At STF, we recognize that talented employees are the foundation of our success. STF provides benefits and compensation packages to help our employees meet the diverse and changing needs throughout their careers and lives.

    BENEFITS PACKAGES INCLUDE THE FOLLOWING:

    • Medical Plans administered through United HealthCare
    • Vision and Dental Plan Benefits
    • 401(k) Tax-Deferred Retirement Plan
    • Accidental Death and Dismemberment Insurance
    • Dependent / Medical Care Flexible Spending Account
    • Direct Deposit
    • Health and Welfare Medical
    • Holiday Leave
    • Industry Competitive Salaries
    • Life Insurance (basic and supplemental)
    • Paid Time Off / Annual Comprehensive Personal Leave
    • Performance / Award Bonuses
    • Professional Development Coursework
    • Technical Training
    • Tuition Assistance Program
    • TotalChoice™ Voluntary Benefits
    • STF Cares / Paid Time Off to Volunteer
