RMF Analyst at SAIC

Colorado Springs, Colorado, United States -

Full Time

Start Date

Immediate

Expiry Date

23 Feb, 26

Salary

0.0

Posted On

25 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Risk Management Framework, Information Systems Security Manager, Cyber Security, Security Plans, eMASS, DoDD 8500.01, DoDI 8510.01, NIST SP800-53, Security Technical Implementation Guides, Plans of Action and Milestones, Cyber Operational Readiness Assessment, Security + Certification, Authority to Operate, System Categorization, Cybersecurity Presentations, Security Compliance

Industry

Defense and Space Manufacturing

Description

SAIC is seeking qualified applicants for RMF Engineer/ISSM (Information Systems Security Manager) to provide Risk Management Framework (RMF) in support of the North American Aerospace Defense Command/United States Northern Command (N&NC) Information Technology (IT) Enterprise Services (NITES) contract, with primary work onsite in Colorado Springs. The candidate selected for this position: Oversees system registration and record within eMASS to support the Risk Management Framework (RMF) process and authorization for N&NC Enterprise to ensure compliance and mitigate risk Assure standards consistent to meet and exceed standards to minimize risks and remain Cyber Operational Readiness Assessment (CORA) ready status Manage continuous Cyber Security posture of enterprise systems and identify mitigations to meet DoDD 8500.01, DoDI 8510.01, DoDD 8140.01, and NIST SP800-53. Understands scans from ACAS, SCAP, and/or other approved tools to determine security posture of systems to develop/maintain Authority to Operate (ATO) for systems and enclaves Refine the determination of the system categorization is accordance with CNSSI 1253 in areas of Confidentiality, Integrity, and Availability as information types and system interconnections change Manage development/maintenance of Security Plans, ensuring proper Security Technical Implementation Guides (STIGs) are applied for each system and enclave Ensure that all findings are properly documented in the Plan of Action and Milestones (POA&M) on an on-going basis Create and refine correct policies, procedures, and artifacts necessary to ensure controls are met Required: Certification required per DoDD 8570, Security + Preferred certification is Security X BS plus 5 years of experience or or equivalent work experience in the Information Assurance / Cybersecurity field 2+ years of experience preferred as a primary ISSO or security compliance lead for an IT system Direct experience in RMF artifacts and eMass tracking of records Experience creating, tracking, and completion of Plans of Action and Milestones (POA&Ms) for resolving security control deficiencies TS/SCI security clearance Guide working groups and teams for Milestone Reviews, Configuration Management, etc Prepare/conduct cybersecurity presentations and make cybersecurity risk recommendations Provide status updates to System Owners and leadership Provide monthly status report to reflect the activities accomplished, issues, and path forward Desired: Security Information and Event Management (SIEM) Experience Ability to work in a team focused, dynamic environment Cross Domain Solutions Certification Experience Must be flexible, independent, and self-motivated Must be punctual with regular and consistent attendance

Responsibilities

The RMF Analyst oversees system registration and record within eMASS to support the RMF process and authorization for N&NC Enterprise. They manage the continuous Cyber Security posture of enterprise systems and ensure compliance with various security standards.