Risk Management Framework (RMF) Lead

at  Leidos

JOB DESCRIPTION

1901 Group (A Leidos Company) has an exciting Information Assurance Engineer position located in Blacksburg, VA with opportunities to work remotely. The Assurance Engineer will work with an elite team of IT professionals to maintain an optimal secure cloud architecture and environment for critical DOD customer systems.

BASIC QUALIFICATIONS:

• Bachelor’s degree and 4 years of experience in Information Assurance, additional years of experience will be acceptable in lieu of a degree.
• Certifications: DoD 8570 IAT Level II baseline certification (CCNA Security, CySA+, GICSP, GSEC, Security+ CE, CND, SSCP)
• Possesses a broad technical background and comprehensive expertise in cybersecurity implementation.
• Expert on the NIST SP 800-37, ICD 503, CNSSI 1253, and related guidance.
• Coordinate and conduct the day-to-day activities associated with managing risk to information systems and organizations on behalf of Authorization Official.
• Secret Clearance is required and must be a US Citizen

PREFERRED QUALIFICATIONS:

• Previous experience with Microsoft Azure and DoD environments
• Previous experience with Network Monitoring platforms (Solarwinds, SL1, PRTG)
• Experience with ITIL processes and/or ITIL Foundation V3/4 certification.
• An entrepreneurial spirit with the ability to drive innovation independently; have a passion to improve at every opportunity.
• Proven able to credibly coordinate between technical teams and business stakeholders.
• Willing to perform shift work.

• Evaluate software and hardware during pre-acquisition phases to determine its ability to meet minimum security requirements based on NIST SP 800-53 Rev 5 & RMF 2.0 security controls.
• Author, review, coordinate and submit cybersecurity authorization required artifacts to eMASS (including change requests) to achieve milestones such as Interim Authority to Test (IATT) and Authorization to Operate (ATO) in accordance with the project schedule.
• Support conducting cybersecurity authorization activities to comply with all current Cybersecurity and IA manuals, instructions, and guides within the DoDI 8500.01 and DON 5239.
• Continuously monitor system resources through automated scanning and implement automated reporting feeds to support cybersecurity authorizations.
• Verify patch compliance using the approved technical solution (i.e., Assured Compliance Assessment Solution (ACAS)) Information Assurance Vulnerability Alert (IAVA) compliance dashboards.
• Coordinate with local administrators to troubleshoot and elevate patching issues in a timely manner to meet patch compliance SLA timelines.
• Implementation of security procedures, and verify information system security requirements, including coordinating the execution, review, and disposition of Security Technical Implementation Guide (STIG) checklists for systems, applications, developed code and other components.
• Evaluate, document, and lead the implementation of applicable STIGs for all systems and components within the authorization boundary.
• Independently develop and maintain system security documentation, including drafting, reviewing, editing, and recommending guidance for Standard Operating Procedures (SOP), Tactics, Techniques, & Procedures (TTP), Plan of Action and Milestones (POA&M) and Federal Information Security Management Act (FISMA) Score Card.
• Participate in regular briefings with the customer on cybersecurity status, including preparing briefing materials. Work closely with government Cyber team to support ATO conditions and requirements.