CACI International - Chantilly, VA
posted about 2 months ago
As the RMF Subject Matter Expert (SME) at CACI, you will play a crucial role in the identification and implementation of information assurance and cybersecurity requirements. This position requires a deep understanding of the Risk Management Framework (RMF) as outlined by NIST, along with experience in threat analysis, vulnerability management, and the accreditation and authorization processes necessary to shepherd projects through to Authority to Operate (ATO) approval. You will be part of a dedicated cybersecurity team that employs proven solutions to manage, monitor, and respond to cyber threats effectively. Your responsibilities will include conducting cyber assessments, event monitoring, incident response, and implementing preventative measures to isolate and mitigate cyber threats.
In this role, you will assess technologies, processes, and practices designed to protect networks, devices, programs, and data from malicious attacks, damage, or unauthorized access. You will assist in delivering and maintaining security-compliant systems in accordance with Department of Defense (DoD) cybersecurity requirements. Your oversight will extend to security control implementation methodologies within the A&A process, ensuring that all documentation is thorough and up to date. You will fully support the RMF process from end to end, managing a comprehensive book of artifacts that includes System Security Plans, Security Assessment Plans, Contingency Plans, and Risk Assessment Plans. You will also be responsible for briefing stakeholders on strategic plans and the implementation of RMF and cybersecurity policies and procedures.
Your analytical skills will be put to the test as you review the program's cybersecurity processes and security control implementations, analyze vulnerability scan reports, assess security threats, and assist team members in developing and tracking remediation strategies.
Additionally, you will support vulnerability management efforts and provide updates on remediation activities, assist with contingency planning, and conduct incident response training and exercises. Your role will involve reviewing DoD Information Assurance Vulnerability Management (IAVM) alerts and collaborating with engineers, administrators, and developers to remediate identified issues. Communication will be key as you ensure compliance with security regulations, policies, and requirements, and ensure that teams meet security and privacy awareness training requirements.