Chenega Professional Services Strategic Business Unit · 19 hours ago
Cybersecurity Specialist (RMF)
Chenega Professional Services is looking for a Cybersecurity Support Specialist (RMF) to support the Department of Navy’s Commander, Operational Test and Evaluation Force (COMOPTEVFOR). The role involves assisting in the development, review, endorsement, and maintenance of cybersecurity certifications and accreditations, as well as providing technical support for the Risk Management Framework (RMF) Assessment and Authorization process.
Defense & Space
Responsibilities
Assist the Information Systems Security Manager (ISSM) in the development, review, endorsement and maintenance of cybersecurity certifications and accreditations
Act as the Information System Security Engineer (ISSE) by providing technical support for the Risk Management Framework (RMF) Assessment and Authorization (A&A) process
Create, maintain, review, and update all RMF and A&A documentation to ensure relevancy and alignment with OPTEVFOR CIO Division mission assets to include required revisions and updates in Enterprise Mission Assurance Support Service (eMASS)
Maintain and report on the status of all outstanding A&A items and supporting documentation
Inventory and document hardware/software/firmware within the assessment boundary
Develop Continuous Monitoring Strategy
Identify and tailor the security control baseline with applicable overlays within eMASS and ensure all required security controls are implemented and eMASS artifacts uploaded
Assist the ISSM/ISSO in the development or modification of the hardware/software/firmware list, Security Assessment Plan (SAP), and eMASS POA&M
Ensure ACAS automated vulnerability scans are completed on all assets within the assessment boundary and establish a hardened baseline configuration with consistent, repeatable successful results
Ensure system(s) are DISA STIG compliant - through audits, SCAP scripts, and manual checks
Ensure data entered into the eMASS record and POA&M is consistent with implementation results
Detail all relevant mitigation and remediation activities to vulnerabilities noted on the RMF POA&M through the Change Management Process
Ensure all RMF documentation is updated based on change and vulnerability management efforts
Perform continuous security reviews of RMF Security Controls (per approved continuous monitoring strategy)
Support the development of the Plan of Action and Milestones (POA&M) and the development and update of the Security Authorization Package (SAP)
Assemble all required documentation as outlined by the ISSM for the RMF packages
Assess security controls, Security Technical Implementation Guides (STIGs), and Assured Compliance Assessment Solution (ACAS) scans in accordance with governing policies for servers, networking equipment, workstations, etc.
Process, maintain compliance, and verify completion of ACAS, STIG, and SCAP files, report any open findings or vulnerabilities to the program, propose and implement mitigations as required and construct necessary POA&M when required
Maintain cyber security compliance for all OPTEVFOR systems using Vulnerability Remediation Asset Manager (VRAM) and Assured Compliance Assessment Solution (ACAS) by running daily ACAS vulnerability reports, updating ACAS plug-ins daily, and uploading ACAS reports to VRAM
Assist with vulnerability mitigation, remediation, and troubleshooting of OPTEVFOR assets
Administer the ACAS server by applying updates to the ACAS application and Linux operating system as required and by configuring it as per the DISA Best Practice Guide (BPG)
Create, review, and update Cybersecurity Standard Operations Procedures (SOPs) and policies as required
Administer and monitor Host Based Security System (HBSS) servers to maintain optimum operating status and install required server and client updates to HBSS components within mandated timelines
Make approved policy changes to HBSS configuration when required
Provide a weekly status report which contains the progress of work on assigned tasks and future work plans for the upcoming week
Other duties as assigned
Qualification
Required
Must have the proper and current cyber security qualifications to perform IT privileged administrative functions in accordance with the DoD Cyberspace Workforce Framework (DCWF) and the DoDM 8140.03, CYBERSPACE WORKFORCE QUALIFICATION AND MANAGEMENT PROGRAM
Associate degree or higher from an accredited college or university. When used to satisfy the foundational portion of qualification, the degree must be conferred within the past 5 years by an institution of higher education that is accredited by a nationally-recognized accreditor, unless continuous work in the relevant discipline can be demonstrated
Training: Offerings listed in DoD 8140 Training Repository (https://dl.cyber.mil/cwmp/xls/DoD_8140_Cyberspace_Training_Repository.xlsx)
Personnel Certification: (ISC)2 CERTIFIED AUTHORIZATION PROFESSIONAL or COMPTIA ADVANCED SECURITY PRACTITIONER or EC-Council Certified Chief Information Security Officer (CCISO) or (ISC)2 CERTIFIED CLOUD SECURITY PROFESSIONAL (CCSP) or ISACA Certified Information Security Manager (CISM) or (ISC)2 Certified Information Systems Security Professional (CISSP) or CompTIA Cloud+ or (ISC)2 SYSTEMS SECURITY CERTIFIED PRACTITIONER (SSCP)
Active Secret security clearance
Preferred
Excellent written and oral communication skills
Benefits
Robust employee benefits program
Management engagement
Quality leadership
Atmosphere of teamwork
Recognition for performance
Promotion opportunities
Company
Chenega Professional Services Strategic Business Unit
The Professional Services Strategic Business Unit (PS SBU) specializes in providing Information Technology, Health and Scientific, Engineering and Technical Support, Professional Management and Administrative Services to Federal Government Civilian Agencies.