Cyber Security Analyst/RMF SME

$109,800 - $241,600/Yr

CACI International - Chantilly, VA

posted about 2 months ago

Full-time - Mid Level
Chantilly, VA
Professional, Scientific, and Technical Services

About the position

As the RMF Subject Matter Expert (SME) at CACI, you will play a crucial role in the identification and implementation of information assurance and cybersecurity requirements. This position requires a deep understanding of the Risk Management Framework (RMF) as outlined by NIST, along with experience in threat analysis, vulnerability management, and the accreditation and authorization processes necessary to shepherd projects through to Authority to Operate (ATO) approval. You will be part of a dedicated cybersecurity team that employs proven solutions to manage, monitor, and respond to cyber threats effectively. Your responsibilities will include conducting cyber assessments, event monitoring, incident response, and implementing preventative measures to isolate and mitigate cyber threats.
In this role, you will assess technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attacks, damage, or unauthorized access. You will assist in delivering and maintaining security-compliant systems in accordance with Department of Defense (DoD) cybersecurity requirements. Your oversight will extend to security control implementation methodologies within the A&A process, ensuring that all documentation is thorough and up to date. You will fully support the RMF process from end to end, managing a comprehensive book of artifacts that includes System Security Plans, Security Assessment Plans, Contingency Plans, and Risk Assessment Plans. You will also be responsible for briefing stakeholders on strategic plans and the implementation of RMF and cybersecurity policies and procedures.
Your analytical skills will be put to the test as you review the program's cybersecurity processes and security control implementations, analyze vulnerability scan reports, assess security threats, and assist team members in developing and tracking remediation strategies.
Additionally, you will support vulnerability management efforts and provide updates on remediation activities, assist with contingency planning, and conduct incident response training and exercises. Your role will involve reviewing DoD Information Assurance Vulnerability Management (IAVM) alerts and collaborating with engineers, administrators, and developers to remediate identified issues. Communication will be key as you ensure compliance with security regulations, policies, and requirements, and ensure that teams meet security and privacy awareness training requirements.

Responsibilities

  • Assess technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attacks, damage, or unauthorized access.
  • Assist in delivering and maintaining security-compliant systems in accordance with DoD cybersecurity requirements.
  • Oversee security control implementation methodologies in the A&A process.
  • Fully support the Risk Management Framework process end-to-end, managing a comprehensive book of artifacts.
  • Support development and assembly of A&A documentation such as System Security Plans, Security Assessment Plans, Contingency Plans, and Risk Assessment Plans.
  • Brief stakeholders on strategic plans and implementation of RMF and cybersecurity policies and procedures.
  • Review the program's cybersecurity processes and security control implementations.
  • Analyze vulnerability scan reports, assess security threats, and assist team members in developing and tracking remediation strategies.
  • Support vulnerability management and provide updates on remediation activities.
  • Assist with contingency planning and incident response training and exercises.
  • Review DoD Information Assurance Vulnerability Management (IAVM) alerts and work with engineers, administrators, and developers to remediate identified issues.
  • Communicate security regulations, policies, and requirements to ensure compliance.
  • Ensure teams comply with security and privacy awareness training requirements.

Requirements

  • 10+ years of demonstrated experience in the application of NIST RMF guidance, DISA STIGs, Privacy Act, or DoD regulations, instructions, manuals, checklists, and guides for cybersecurity.
  • Experience writing and reviewing RMF artifacts.
  • Understanding of information and networking security requirements for Federal government, Department of Defense, or intelligence community.
  • Experience using tools such as SonarQube, JFrog XRAY, eMASS, ACAS, WebInspect, Nessus, Static Code Analysis, Burp Suite, or similar tools.
  • Experience performing vulnerability management activities including analysis, preparing recommendations, or remediation.
  • Detail-oriented with sound judgment, able to review the work of others and detect errors or needed modifications.
  • Excellent oral and written communication skills, able to communicate clearly and concisely to both technical and non-technical audiences.
  • Experience in monitoring and testing IT systems for vulnerabilities and indicators of compromise.
  • Experience in configuring or validating secure systems.
  • Active TS/SCI clearance.

Benefits

  • Healthcare coverage
  • Wellness programs
  • Financial benefits
  • Retirement plans
  • Family support programs
  • Continuing education opportunities
  • Flexible time off benefits
  • Learning and development opportunities