Job Title : DoD Secret - Cybersecurity RMF ISSO 3

Location : South Carolina (100% Remote)

Duration : 8 Months

Responsibilities:

Government contract

• Opportunity for contract-to-hire based on employee performance, employee dependability, and client business needs.
• KBR is seeking candidates with Risk Management Framework (RMF) experience to join a team supporting the Defence Health Agency (DHA) Security Solutions Division (SDD).
• **Note: This position is remote, but candidate must be available for EST conference calls and able to travel (up to 20%) if required by the customer and project leads.

Position Description:

• Employee will serve in an ISSO support role and perform tasks related to Assessment & Authorization (A&A) and cybersecurity under DHA to obtain and maintain Authorizations to Operate (Client) for assigned DoD medical systems (i.e., applications, networks, devices). This position will be part of a team developing recommended courses of action needed to transition current policies and procedures to the DHA RMF-approved processes.

Primary Responsibilities:

• Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews.
• Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined, and solutions require the continuation of specialized theories and knowledge
• Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities.
• Conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and protection needs.
• Actively lead and participate in regular A&A status meetings with government and contract personnel to facilitate progress and address potential issues of RMF system efforts.
• Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies.
• Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes.

Day-to-day tasks may include the following:

• Develop, update, and/or review RMF documentation to include Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports
• Assess system compliance against NIST, DoD, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Produce evidence as necessary to support compliance status of NIST, DoD, and DHA security requirements.
• Work with system administrators, engineers, and developers to create or update system/site policies, procedures, and process guides.
• Coordinate with other system SMEs to identify and develop authorization boundary diagrams, architecture diagrams, and hardware and software inventories.
• Analyse vulnerability scans of information systems and assist in remediation tasks.
• Lead or attend meetings with SDD stakeholders to discuss statuses of efforts.
• Submit weekly reports to DHA leadership regarding system/program status.

Minimum Qualifications:

• BS degree and six (6) years of experience with Cybersecurity / Information Technology, or twelve (12) years of hands-on experience with Cybersecurity / Information Technology
• Demonstrated experience with Risk Management Framework (experience under DHA a plus)
• Demonstrated efficiency and experience in RMF package development, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
• Familiarity and experience with the DoD tool eMASS
• Familiarity with NIST publications
• Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
• Excellent customer service and organization skills
• Excellent oral and written communication skills
• Active DoD Secret security clearance
• DoD 8570-compliant
• Ability to travel up to 20%

Additional Qualifications a Plus:

• Experience working under DHA.
• Experience with Assured Compliance Assessment Solution (ACAS) and Host Based Security System (HBSS)
• Experience in RMF policy development and strategy implementation
• Knowledge in Continuous Monitoring and Risk Scoring (CMRS)
• Knowledge in one or more of the following technologies:
• Medical devices
• Windows
• Linux/Unix
• Network Devices
• Databases MS SQL, Oracle
• Client Virtualization