Risk Management Framework (RMF) Analyst – TS Clearance | Norfolk, VA jobs in United States

Cambridge International Systems, Inc. · 4 months ago

Risk Management Framework (RMF) Analyst – TS Clearance | Norfolk, VA

Cambridge International Systems, Inc. is a dynamic global team focused on defense and security challenges. They are seeking a Risk Management Framework (RMF) Analyst to support operations in Norfolk, VA, responsible for maintaining cybersecurity documentation, ensuring compliance with security controls, and conducting assessments of IT systems.

Cyber Security, Information Technology
No H1B, Security Clearance Required

Responsibilities

Create, review, update, and validate cybersecurity Standard Operations Procedures (SOPs) as required
Review and maintain an inventory of authorized software (software custodian)
Review and maintain an inventory of government furnished devices and media
Ensure configurations on laptops and servers are validated prior to being deployed (as required)
Audit and validate configurations of network devices based on STIGs, or defining and implementing compensating controls of such STIGs as required to ensure mission execution
Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with the cyber OT&E mission assets to include required revisions and updates in eMASS
Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems
Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan)
Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS
Maintain documentation and registration of network ports, protocols, and services
Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP)
Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation
As a member of the Configuration Control Board (CCB), ensure CCB approved changes are timely and accurately reflected in the A&A documentation
Support compliance validation of current and future directives (e.g., IAVs, STIGs, TASKORD/CTOs)
Provide recommendations for corrective action of any non-compliant security controls
Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with the DoD Instruction 8510 series, Risk Management Framework for DoD systems
Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current
Prepare reports on scanning results and configuration management observations monthly
Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions
Conduct and document a semi-annual tabletop exercise (twice in a calendar year)
Produce test plans, draft after actions and other documents for review and comment
Review and/or revise Business Impact Analysis (BIA) to include business process, IT dependency, and physical security assessments annually
Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems
Assist with exercise and/or training and documentation of IT contingency plan and execution
Able to work alone or in a small group to resolve tasks independently with minimal supervision
Adhere to guidance outlined in RMF Process Guide <https://portal.secnav.navy.mil/orgs/OPNAV/N2N6/DDCION/N2N6BC4/RMF/SitePages/Home.aspx>

Qualification

Risk Management Framework (RMF), Cybersecurity Standard Operations Procedures, DoD TS security clearance, Project management, Cybersecurity architecture, Security controls assessment, Configuration management, DISA STIG validations, IT tools proficiency, Analytical skills, Documentation skills, Team collaboration

Required

Minimum 5 years' experience designing enterprise and systems security throughout the development lifecycle
Minimum 3 years' experience conducting thorough assessments of management, operational, and technical security controls within IT systems
Minimum 3 years' experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON policies and guidance
Must have a current and active DoD TS security clearance with the ability to obtain a SCI clearance
Proficient with modern IT tools and infrastructure technologies

Preferred

Knowledge of the organization's enterprise information security architecture system
Ability to design and integrate security architectures and frameworks
Skill in translating technology and environmental conditions (e.g., laws, regulations) into security designs and processes
Knowledge of integrating organizational goals into security architecture
Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth)
Skill in designing multi-level security and cross-domain solutions
Knowledge of cybersecurity-enabled software products and how they fit into security designs
Perform comprehensive assessments of management, operational, and technical security controls and enhancements
Document and address information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition lifecycle
Evaluate security architectures and designs to determine their adequacy
Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements up to TS/SCI
Define and document the impact of new systems or interfaces on the security posture of the environment
Develop as needed, security compliance processes and/or audits for external services (e.g., cloud service providers)
Provide project management and subject matter expertise in the Cyber OT&E test infrastructure and toolset certification and accreditation efforts
Employ secure configuration management processes and ensure systems and architectures align with cybersecurity guidelines
Provide advice on project costs, design concepts, and design changes
Skill in applying cybersecurity methods such as firewalls, demilitarized zones, and encryption
Knowledge of IT architectural concepts, including baseline and target architectures
Knowledge of key telecommunications concepts and principles
Knowledge of network systems management principles and tools
Knowledge of Cloud-based knowledge management technologies related to security and administration
Skill in using PKI encryption and digital signatures
Document and update architecture and related activities
Translate proposed capabilities into technical requirements and security requirements into application design elements
Provide input to the Risk Management Framework process and related documentation
Knowledge of Personally Identifiable Information (PII) data security standards and program protection planning
Knowledge of local specialized system requirements (e.g., critical infrastructure) and network security principles
Ability to optimize systems to meet enterprise performance requirements
Skill in using design methods and developing data management capabilities

Benefits

Medical, dental, vision, life, accident, and critical illness insurance
401(k) immediate vesting and match
Paid time off and company holidays
Generous tuition & training support
Relocation assistance
Sign-on and performance-based bonuses
Employee referral program
Access to Tickets at Work, EAP, wellness initiatives, and more

Company

Cambridge International Systems, Inc.

At Cambridge International Systems, Inc. we design and deliver innovative and adaptive solutions to address capacity-building needs and enable success.

Funding

Current Stage: Growth Stage

Leadership Team

Lisa Black
Chief Administrative Officer (CAO)

Company data provided by crunchbase