As a RMF Cybersecurity Analyst supporting the Federal Government and the Intelligence Community (IC), you will be entrusted with ensuring our IT engineering solutionsmeet the highest security standards, that they adhere to all applicable standards, guidelines, and mandates; and that all appropriate documentation necessary to make upa Body of Evidence (BoE) is provided to the Chief Information Security Officer (CISO), and Authorizing Official (AO) to successfully justify the issuing an Authority to Operate (ATO).

Job Description 

• Acting as an appointed Information System Security Officer (ISSO) for IC cyber systems being developed by the engineering team.
• Reporting, documenting, and briefing the status of systems under development, while assuring their successful and timely progression through the client RiskManagement Framework (RMF) to the satisfaction of the appointed Information System Security Manager (ISSM), and/or senior govt leadership.
• Providing clear justification describing the satisfaction all applicable security control implementation as specified by the IC, AO, or NIST-800-53, rev 4 rev 5.
• Authoring System Security Plans (SSP).
• Authoring System Security Test Plans (SSTP).
• Conducting self-assessments of all systems under development.
• Analyzing security controls and the impact changes would introduce to the environment.
• Preparing for and assisting with formal risk assessments conducted by the AO's designated Security Control Assessors (SCA) while acting as a member of the security assessment test team.
• Ensuring the remediation of any findings assigned to engineering as documented in the Security Assessment Report (SAR) and its Plan of Actions and Milestones(PO&AM).
• Documenting and defending reasoning when waivers are sought, or non-standard remediation solutions are requested for specific security controls.
• Assisting with the transition of systems granted an ATO to the Operations branch and the assignment of an operations ISSO.
• Researching remediation options for vulnerabilities identified for systems under development or already in production under an ATO.

Required Skills 

• Minimum of 3-years IC (SCI) RMF Assessment and Authorization (A&A) experience and the ability to describe the differences between collateral and SCI authorization requirements as they apply to DoD and IC instructions and guidelines.
• Ability to speak to the intent of all NIST 800-53 security controls.
• Minimum 1-year hands on experience with the Xacta application.
• Excellent oral and technical writing skills.
• Ability to work both independently and as a member of a team.

Standard Characteristics

• Perform a variety of Information Assurance (IA) and Computer Network Defense (CND) functions which are broad in nature and support multi-tier IA and CND functions to include, but not limited to, systems engineer, audit/inspection, infrastructure support, certification and accreditation, vulnerability management, detection and response support services
• Provide support for a program, organization, system, or enclave’s information assurance program
• Provide security certification test and evaluation of assets, vulnerability management and response, security assessments, and customer support
• Provide support for proposing, coordinating, implementing, and enforcing information systems security policies, standards, and methodologies
• Maintain operational security posture for an information system or program to ensure information systems security policies, standards, and procedures are established and followed
• Assist with the management of security aspects of the information system and performs day-to-day security operations of the system
• Evaluate security solutions to ensure they meet security requirements for processing classified information
• Perform vulnerability/risk assessment analysis to support certification and accreditation
• Provide configuration management (CM) for information system security software, hardware, and firmware
• Manage changes to system and assesses the security impact of those changes
• Prepare and reviews documentation to include System Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and System Requirements Traceability Matrices (SRTMs)
• Execute policies and guidance provided by senior functional/technical leads

Skills and Task - Exceptionally Complex

• Researches and evaluates new concepts and processes to improve performance.
• Analyzes cross-functional problem sets, identifies root causes and resolves issues.
• Assists more junior level technicians, specialists, and managers in their activities.
• Can perform all tasks of lower level technicians, specialists, and/or managers.

Leadership Management

• Works individually, actively participates on integrated teams, and leads multiple tasks, projects or teams.
• Oversees and monitors performance, and when required, takes steps to resolve issues.

Guidance

• Directs multiple teams through to project completion.
• Provides guidance and direction to lower level technicians, specialists, and managers.

Capabilities and Additional Requirements

• Interact with customers, IT staff, and high-level corporate officers to define and achieve required IA objectives.
• Provide daily oversight and direction to contractor Cybersecurity Officers.
• Serve as an Information Systems Security Manager (ISSM).

Education and Experience

• High School Diploma 10 years
• Associate's Degree 8 years
• Bachelor's Degree 6 years
• Master's Degree 4 years
• PhD 2 years