207 Business Park Dr., Ste. 100
VA Beach, VA 23462
Risk Management Framework Specialist
Employee Type: Full-Time
Location: Suffolk, VA
Job Type: Risk Management Framework Specialist
Experience: 5+ Years
Clearance: Top Secret/ SCI
AERMOR LLC is seeking a subject matter expert to provide expert guidance to government personnel in the execution of Cyber Red Team cybersecurity, including managing cybersecurity, certification and accreditation (C&A), and configuration change boards for the NRT networks.
- Creates, reviews, updates, and validates Cybersecurity Standard Operating Procedures (SOPs) as required.
- Reviews and maintains an inventory of authorized software (software custodian).
- Reviews and maintains an inventory of devices and media.
- Audits and validates configurations deployed on laptops, workstations, and servers
- Audits and validates configurations of network devices based on DISA STIGs, or defining and implementing compensating controls of such STIGs as required to ensure mission execution.
- Maintain and update all Risk Management Framework (RMF) and C&A documentation to ensure the relevancy and currency of Navy Red Team assets, including required revisions and updates in eMASS.
- Conduct comprehensive annual RMF package reviews to ensure continued compliance of the Navy Red Team tool suite and/or Networks.
- Ensure traceability is maintained throughout the RMF submission process (e.g.: C&A Plan, POAM, RAR, Topology, Software, Ports Protocols and Services, Test Plan).
- Maintain network and system documentation in DITPR-DON / DADMS.
- Maintain documentation and registration of Network Ports, Protocols, and Services.
- Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
- Maintain and report on the status of all outstanding C&A items and supporting documentation.
- As a member of the Configuration Control Board (CCB), ensures CCB approved changes are timely and accurately reflected in the C&A documentation.
- Support compliance validation of current and future directives (e.g.: IAVs, STIGs, CTOs).
- Provide recommendations for corrective action of any non-compliant security controls.
- Execute DISA STIG validations for systems in conjunction with C&A package reviews annually.
- Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
- Prepare reports on scanning results and configuration management observations monthly.
- Document assessment activities and results in sufficient detail to enable an external review of all assessment processes, activities, results, and conclusions.
- Conduct and document a semi-annual tabletop exercise (twice each calendar year).
- Produce test plans, draft after actions, and other documents for review and comment.
- Review and/or revise Business Impact Analysis (BIA) to include business processes, IT dependency, and physical security assessments annually.
- Review and analyze IT contingency/disaster recovery plans for NIST and DoN compliance and produce checklists for IT systems.
- Assist with exercise and/or training and documentation of IT contingency plan and execution.
Required Skills and Experience:
- Certified Information Systems Security Professional (CISSP) certification.
- 1-3 years of experience with Assured Compliance Assessment System (ACAS) and/or Nessus.
- 5-10 years of Certification and Accreditation (C&A) package assembly experience.
- Risk Management Framework (RMF) training and certification is desired.
- Prior appointment as a Fully Qualified Navy Validator is preferred (experience with DoD validation will be considered on a case-by-case basis).
For more information contact: email@example.com