Cybersecurity RMF Engineer

at Marathon TS
Published June 3, 2023
Location Washington, DC
Category Default
Job Type Full-time


Job Description

Fully Remote

Marathon TS is seeking a Cybersecurity RMF Engineer in support of the Defense Health Agency (DHA) located out of Fairfax, VA. This position is FULLY REMOTE. Candidates must possess an active Secret Clearance to be considered.

About this role:
The Cybersecurity RMF Engineer will serve in a support role, performing tasks related to Assessment & Authorization (A&A) and cybersecurity under DHA RMF Program Office Support/Counselor, to obtain and maintain Authorizations to Operate (Client) for assigned DoD Military Treatment Facilities (MTFs). This position will be part of a team developing or updating policies and procedures to meet the requirements of NIST 800-53 rev4 controls as part of the DHA RMF process. The individual must also be able to assess STIG compliance across various technologies.

Primary Responsibilities include:
• Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the application of specialized theories and knowledge
• Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities
• Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs using DISA SCAP Compliance Checker and ACAS in conjunction with hands on manual STIG assessment as necessary
• Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts
• Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
• Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes

Day-to-day tasks may include the following:
• Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
• Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements
• Work with system administrators, engineers, and ISSM to create or update system/site policies, procedures, and process guides
• Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories
• Analyze vulnerability scans of information systems and assist in remediation tasks
• Lead or attend meetings with stakeholders to discuss statuses of efforts
• Submit weekly reports to DHA leadership regarding system/program status

Minimum Requirements:
• BS degree and ten (10) years of experience with Cybersecurity / Information Technology, or fifteen (15) years of hands-on experience with Cybersecurity / Information Technology
• Demonstrated experience with Risk Management Framework (experience under DHA a plus)
• Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, system/site policies, procedures, and processes, architecture diagrams, and hardware/software inventories
• Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Familiarity with NIST publications
• Active DoD Secret security clearance
• DoD 8570-compliant (CompTIA Security+ certified)
• Ability to obtain OS certification or complete approved related training within 180 days of hire
• Ability to travel up to 20-30% for assessments

Additional Requirements a Plus:
• Experience with eMASS
• Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
• Experience in RMF policy development and strategy implementation
• Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
• Knowledge in one or more of the following technologies:
o Medical devices
o Windows
o Linux/Unix
o Network Devices
o Databases - MS SQL, Oracle
o VMWare - Virtualization

Marathon TS is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at Marathon TS will be based on merit, qualifications, and abilities. Marathon TS does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").