What are the responsibilities and job description for the Cybersecurity RMF Engineer position at RMC Global?
Description
RMC is seeking a Cybersecurity RMF Engineer for a full-time in-office position in Honolulu, HI!
Are you ready to embark on a fulfilling and impactful career journey with RMC Global? We're in search of an exceptional Cybersecurity RMF Engineer to become a part of our mission-driven team, dedicated to making a difference in the federal and commercial markets. At RMC, we're all about enhancing security for both our military and global commercial partners, offering an array of services such as Risk Management, Mission Assurance, and Cybersecurity.
Our team's well-being is paramount, and we reflect this commitment through our flexible work environment and exceptional company culture. By joining RMC, you become a key contributor to our mission – Assuring Tomorrow!
When you join RMC, you'll experience a range of benefits, including:
The Cybersecurity RMF Engineer fulfills the role of cybersecurity analyst and is responsible for working independently and with the FRCS team, providing cybersecurity and Risk Management Framework (RMF) subject matter expertise to clients within their area of responsibility. The analyst will provide informal training and assistance to Facility Related Control System (FRCS) owners and serve as a liaison between customers and HQ level and cybersecurity stakeholders. The analyst will be proactive, investigating cyber security issues, tracking progress to resolution, and keeping the FRCS program manager informed through regular status reporting. The analyst will work closely with other cybersecurity assessment teams to share data and coordinate assessment activities. The analyst is responsible for collecting and analyzing cybersecurity data and authoring client deliverables and reports and also ensuring the successful completion and provision of quality deliverables to respective clients that document, and in some cases identify corrective actions/mitigations to FRCS cybersecurity vulnerabilities with potential impacts.
Essential Functions
Education & Experience Requirements
https://rmcglobal.com/
Reasonable Accommodations Statement
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.
RMC has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills, and abilities. Additional functions and requirements may be assigned by your manager as deemed appropriate. This document does not represent a contract of employment, and RMC reserves the right to change this position description and/or assign tasks for the employee to perform, as RMC may deem appropriate.
RMC is an Equal Opportunity Employer.
RMC is seeking a Cybersecurity RMF Engineer for a full-time in-office position in Honolulu, HI!
Are you ready to embark on a fulfilling and impactful career journey with RMC Global? We're in search of an exceptional Cybersecurity RMF Engineer to become a part of our mission-driven team, dedicated to making a difference in the federal and commercial markets. At RMC, we're all about enhancing security for both our military and global commercial partners, offering an array of services such as Risk Management, Mission Assurance, and Cybersecurity.
Our team's well-being is paramount, and we reflect this commitment through our flexible work environment and exceptional company culture. By joining RMC, you become a key contributor to our mission – Assuring Tomorrow!
When you join RMC, you'll experience a range of benefits, including:
- Comprehensive health, vision, and dental insurance plans fully covered for employees
- Subsidized dependent health care coverage
- Participation in our Annual Bonus Program
- Life insurance policy equivalent to 1x your annual salary.
- Company paid short and long-term disability
- Cell phone reimbursement of $65 per month
- 401(k) Plan with contributions
- A 401(k) Safe Harbor Employer Contribution Program, which includes a 3% contribution
The Cybersecurity RMF Engineer fulfills the role of cybersecurity analyst and is responsible for working independently and with the FRCS team, providing cybersecurity and Risk Management Framework (RMF) subject matter expertise to clients within their area of responsibility. The analyst will provide informal training and assistance to Facility Related Control System (FRCS) owners and serve as a liaison between customers and HQ level and cybersecurity stakeholders. The analyst will be proactive, investigating cyber security issues, tracking progress to resolution, and keeping the FRCS program manager informed through regular status reporting. The analyst will work closely with other cybersecurity assessment teams to share data and coordinate assessment activities. The analyst is responsible for collecting and analyzing cybersecurity data and authoring client deliverables and reports and also ensuring the successful completion and provision of quality deliverables to respective clients that document, and in some cases identify corrective actions/mitigations to FRCS cybersecurity vulnerabilities with potential impacts.
Essential Functions
- Assist in computer network defense assessments, including threat intelligence, risk identification, vulnerability management, and security operations.
- Assess compliance using NIST, DoD, USMC and other security requirements to include the CNSSI 1253 Security controls and DISA STIGs/SRGs
- Develop, submit, and maintain RMF packages in eMASS for control systems and SCADA environments, including all local policies, artifacts and compliance items.
- Coordinate with ISSMs, system owners, and other cybersecurity stakeholders.
- Support site assessments, system categorization, and cybersecurity evaluations for operational technology (OT).
- Provide guidance on cybersecurity compliance for ICS/SCADA vendors and integrators.
- Continuously assess the cybersecurity posture of assigned sites by verifying scans, reviewing policies and procedures, and making recommendations for improvement.
- Review controls designs and provide comments and feedback to ensure they adhere to ATO requirements (including network diagrams for new system designs and human interface technologies for construction, energy, and utilities contracts).
- Perform OT monitoring and incident response and threat hunting by implementing, operating, and maintaining Dragos at both Regional and Installation levels.
- Assist in assessment activities on both FRCS/OT and IT according to documented requirements (i.e. STIG/SRG) and scan using tools such as ACAS, Nessus, and Dragos.
- Analyze assessment data to identify system deficiencies and vulnerabilities.
- Provide remediation recommendations to address vulnerabilities, develop and work through change management processes to ensure configuration control.
- Stay abreast of emerging cyber threats, attack techniques, and industry best practices in computer network defense. Assess their potential impact on the organization and make recommendations for proactive measures.
- Participate in conferences, work groups, meetings and other required events.
- Travel to supported installations and required locations to provide related cybersecurity expertise.
- Excellent writing skills, strong communication abilities, good time management and organizational skills.
- Experience using tools and applications such as Word, PowerPoint, Excel and SharePoint
- Work confidently in a fast-paced environment with the ability to independently support multiple projects.
- Possess an in-depth knowledge of concepts, best practices, and controls in a breadth of cybersecurity areas/domains, such as governance and risk management, access control, cryptography, physical security, security architecture and design, business continuity/disaster recovery planning, network security, application and operations security and compliance/incident management.
- Technical and IT audit or assessment background with practical knowledge of a wide variety of technologies, including control systems, infrastructure and operating systems, network and web infrastructures, database architecture and intrusion detection/prevention systems.
- Experience planning, designing, installing, monitoring, maintaining, and supporting networks, primarily in a Department of Defense (DOD) environment.
- Ability to work in a team environment and take initiative to help ensure team tasks are successfully completed within required timelines.
- Strong ability to interact and communicate both written and verbally with people at all levels, both technical and non-technical.
- Possess strong problem-solving skills.
- Familiarity with DOD Cybersecurity policy, utility control systems, building control systems and industrial control systems.
- Maintenance and verification of software and hardware inventories via both manual and automated means.
Education & Experience Requirements
- Bachelor’s Degree in Computer Science or IT related field or at least 4 years of experience performing the RMF process on OT or IT systems or cyber computer network defense.
- Minimum of 2 years of relevant experience in computer network defense, cybersecurity, conducting assessments, and vulnerability scanning using tools like ACAS, Nessus, etc.
- Minimum 5 years of experience with DoD RMF and eMASS or equivalent.
- Familiar with Active Directory, Group Policy, Windows Workstation and server administration.
- DoD 8140 compliant as a Level II Cyber Defense Analyst 511 (CEH, GCIH), Level II Systems Security Analyst 221 (CASP , CISSP)
- CISA
- CISM
- CEH
- CISSP
- GICSP
- Security Clearance: Obtaining a DoD Secret Clearance. Applicants selected will be subject to a government security investigation and must meet eligibility requirements for clearance level required for the job.
- Valid Passport: Possession of a current passport with a minimum of 8 months remaining until the expiration date.
- Travel Flexibility: Willingness and capability to travel, CONUS and OCONUS approximately 20% of the time.
- Telecommunication is potentially authorized for this role in a very limited scope.
- Work Environment Compliance: Commitment to maintaining a drug-free work environment, U.S. Citizenship, and possession of a valid state driver's license.
https://rmcglobal.com/
Reasonable Accommodations Statement
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. Reasonable Accommodations may be made to enable qualified individuals with disabilities to perform the essential functions.
RMC has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills, and abilities. Additional functions and requirements may be assigned by your manager as deemed appropriate. This document does not represent a contract of employment, and RMC reserves the right to change this position description and/or assign tasks for the employee to perform, as RMC may deem appropriate.
RMC is an Equal Opportunity Employer.
Salary : $65