Powder River Industries

RMF Security Engineer

full-time

Origin: 🇺🇸 United States • Virginia

Job Level

Mid-Level, Senior

Tech Stack

Cloud, Cyber Security, JavaScript

About the role

  • RMF security engineer with 5 years of RMF/security engineering experience
  • Provides end-to-end A&A support for DoD cybersecurity, privacy, and financial controls implementation, testing, monitoring, and enforcement
  • Interprets risks and recommends approaches to meeting DoD compliance and cybersecurity requirements in accordance with NIST Risk Management Framework (RMF) Controls and DoD Policy
  • Supports risk management tasks, POA&M, ST&E, system documentation, authorizations, risk assessments, third-party audits, ensuring compliance with NIST 800-53 standards, and performing threat assessments according to the RMF lifecycle and processes
  • Interprets risks and recommends approaches to meeting DoD compliance and cybersecurity requirements in accordance with NIST RMF and DoD Policy.

Requirements

  • DoD Secret Clearance (Must be active as we're unable to sponsor)
  • 5 years of experience
  • Experience in mapping, implementing, interpreting, and documenting RMF security controls
  • Experience managing the eMASS cybersecurity management tool
  • Experience developing and submitting at least six (6) ATO packages
  • Thorough understanding of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the federal government, including knowledge of all phases of the RMF lifecycle
  • Proven experience in assisting client risk management tasks, such as managing POA&M, conducting Security Tests and Evaluations (ST&E), creating system documentation, performing authorizations, carrying out risk assessments, handling third-party audits, ensuring compliance with NIST 800-53 standards, and performing threat assessments according to the RMF lifecycle and processes
  • Demonstrated proficiency in planning and monitoring security control implementation for the protection of networks, enclaves, and information systems
  • Strong communication abilities, including working closely with highly technical administrators to enhance overall security measures
  • Ability to generate and interpret ACAS scans to identify system vulnerabilities and monitor remediation efforts or mitigation strategies
  • Working knowledge and experience implementing and evaluating manual Security Technical Implementation Guides (STIGs), Security Content Automation Protocol (SCAP), and SCAP Compliance Checker (SCC)
  • Working knowledge of common assessment & authorization (A&A) application platforms, e.g., eMASS, CSAM, Xacta, etc.
  • Previous experience in a technical role such as a system or network administrator is a plus.