Published: June 1, 2023
Location: North Charleston, SC
Job Title: DoD Secret - Cybersecurity RMF ISSO 3
Location: South Carolina (100% Remote)
Duration: 8 Months
- Opportunity for contract-to-hire based on employee performance, employee dependability, and client business needs.
- KBR is seeking candidates with Risk Management Framework (RMF) experience to join a team supporting the Defense Health Agency (DHA) Security Solutions Division (SDD).
- Note: This position is remote, but the candidate must be available for EST conference calls and able to travel (up to 20%) if required by the customer and project leads.
- The employee will serve in an ISSO support role and perform tasks related to Assessment & Authorization (A&A) and cybersecurity under DHA to obtain and maintain Authorizations to Operate (ATOs) for assigned DoD medical systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action needed to transition current policies and procedures to the DHA RMF-approved processes.
- Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews.
- Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the application of specialized theories and knowledge.
- Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities.
- Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
- Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts.
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies.
- Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.
Day-to-day tasks may include the following:
- Develop, update, and/or review RMF documentation, including Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports.
- Assess system compliance against NIST, DoD, and DHA security requirements, including the NIST SP 800-53 controls and the DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
- Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements.
- Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
- Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
- Analyze vulnerability scans of information systems and assist in remediation tasks.
- Lead or attend meetings with SDD stakeholders to discuss statuses of efforts.
- Submit weekly reports to DHA leadership regarding system/program status.
Required Qualifications:
- BS degree and six (6) years of experience in Cybersecurity / Information Technology, or twelve (12) years of hands-on experience in Cybersecurity / Information Technology
- Demonstrated experience with Risk Management Framework (experience under DHA a plus)
- Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Familiarity and experience with the DoD tool eMASS
- Familiarity with NIST publications
- Experience in assessing systems using NIST SP 800-53 and/or DISA STIGs and SRGs
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Active DoD Secret security clearance
- DoD 8570-compliant (holds a current baseline certification for the position's assigned level)
- Ability to travel up to 20%
Additional Qualifications a Plus:
- Experience working under DHA.
- Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
- Experience in RMF policy development and strategy implementation
- Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
- Knowledge in one or more of the following technologies:
  - Medical devices
  - Network devices
  - Databases (MS SQL, Oracle)
  - Client virtualization