DoD Secret – Cybersecurity RMF ISSO 3

at Artech LLC
Published June 1, 2023
Location North Charleston, SC
Category Default  
Job Type Full-time  


Job Title : DoD Secret - Cybersecurity RMF ISSO 3

Location : South Carolina (100% Remote)

Duration : 8 Months


Government contract

  • Opportunity for contract-to-hire based on employee performance, employee dependability, and client business needs.
  • KBR is seeking candidates with Risk Management Framework (RMF) experience to join a team supporting the Defence Health Agency (DHA) Security Solutions Division (SDD).
  • **Note: This position is remote, but candidate must be available for EST conference calls and able to travel (up to 20%) if required by the customer and project leads.

Position Description:

  • Employee will serve in an ISSO support role and perform tasks related to Assessment & Authorization (A&A) and cybersecurity under DHA to obtain and maintain Authorizations to Operate (Client) for assigned DoD medical systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action needed to transition current policies and procedures to the DHA RMF-approved processes.

Primary Responsibilities:

  • Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews.
  • Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
  • Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities.
  • Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
  • Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts.
  • Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies.
  • Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.

Day-to-day tasks may include the following:

  • Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
  • Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
  • Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements.
  • Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
  • Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
  • Analyse vulnerability scans of information systems and assist in remediation tasks.
  • Lead or attend meetings with SDD stakeholders to discuss statuses of efforts.
  • Submit weekly reports to DHA leadership regarding system/program status.

Minimum Qualifications:

  • BS degree and six (6) years of experience with Cybersecurity / Information Technology, or twelve (12) years of hands-on experience with Cybersecurity / Information Technology
  • Demonstrated experience with Risk Management Framework (experience under DHA a plus)
  • Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
  • Familiarity and experience with the DoD tool eMASS
  • Familiarity with NIST publications
  • Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
  • Excellent customer service and organization skills
  • Excellent oral and written communication skills
  • Active DoD Secret security clearance
  • DoD 8570-compliant
  • Ability to travel up to 20%

Additional Qualifications a Plus:

  • Experience working under DHA.
  • Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
  • Experience in RMF policy development and strategy implementation
  • Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
  • Knowledge in one or more of the following technologies:
  • Medical devices
  • Windows
  • Linux/Unix
  • Network Devices
  • Databases MS SQL, Oracle
  • Client Virtualization