Risk Management Framework / Information Assurance Analyst Lead

Risk Management Framework / Information Assurance Analyst Lead

Requirements

• BS degree with 12+ years’ experience or 16+ years of IA experience without a degree.
• Current DoD 8570 baseline certification for IAM III
• Expert in Risk Management Framework (RMF), NIST, ICD, and CNSS standards.
• Expert with network technologies (LAN & WAN) and best practices within a classified environment to include crypto and key management
• STIG compliance, SCC and STIG Viewer experience, and ACAS expertise.
• Expert with Microsoft Windows, Linux, and system virtualization in a secure network environment.
• Must be able to work in a constantly changing regulatory environment with short-, mid-, and long-term timelines for remediating any non-compliance
• Must be able to work well within a team environment and able to adapt quickly to change
• Good writing and verbal presentation skills
• Active DoD Top Secret Clearance with eligibility to obtain an SCI.

Responsibilities

• Assist the DTRA ISSM(s) by proactively tracking and reporting cybersecurity and RMF activity timelines, ensuring that all NIPR and SIPR RMF Packages are accurately maintained.
• Populate and regularly update RMF packages within DTRA’s instances of the DoD Enterprise Mission Assurance Support Service (eMASS) and the Intelligence Community’s Xacta system for IT systems, networks, and other assets requiring package preparation.
• Lead the creation and maintenance of cybersecurity operations-related Policies and Procedures, Administrative Guides, Plans, and Technical Documentation.
• Provide cybersecurity technical support and subject matter expertise to DTRA’s cybersecurity and risk management leadership, delivering senior-level briefings as necessary.
• Offer security guidance throughout system lifecycles in collaboration with engineers, administrators, and software developers.
• Prepare impact and risk assessment reports on residual risks, including identifying false positives and nonapplicable findings, for use by DTRA’s cybersecurity and risk management leadership. This includes security compliance reports, STIG reports, compliance status briefings, and security/risk test artifacts.
• Assist in the selection, configuration, operation, and reporting of vulnerability assessment and container-based security testing tools.
• Support cybersecurity and risk management workflow actions and change request tickets within DTRA’s change management system, including reviewing, approving, or addressing risk management aspects of change requests.
• Ensure compliance with and support DTRA’s supply chain risk management, foreign ownership and controlling interest, and review requirements for commercial, third-party, and open-source software.
• Lead security and compliance scanning of IT assets, including the delivery of scan reports.
• Help DTRA ISSM cybersecurity and RMF support teams respond to Cyber Task Orders, IA Directives, task responses, vulnerability discoveries, and ad-hoc vulnerability scanning requirements.
• Provide technical guidance to engineers, software developers, and system administrators to support vulnerability remediation, STIG compliance, patching, and code security measures required to achieve compliance.
• Validate the effectiveness of bug fixes, patches, and other remediation activities identified during previous test activities, providing evidential artifacts when needed to support IV&V, RMF, Cyber Task Orders, and other processes.
• Review and update IS Authorization documentation (Body of Evidence) to support IS Assessment and Authorization (Certification/Accreditation) activities.

Preferred Qualifications

• Past or current ISSM/ISSO experience
• Security+ or CISSP
• GCIH a plus
• DoD IS knowledge and experience
• Background or understanding of System Security Plans (SSP)
• Security hardening scripting/automation experience
• Microsoft OS Certification (MCSE Win 7 or other)
• Linux certification (RHCSA, CompTIA Linux, LCFS/LCFE, etc.)