Oasys - Huntsville, AL

posted 3 months ago

Full-time - Mid Level
Huntsville, AL
Professional, Scientific, and Technical Services

About the position

OASYS, INC., a leading-edge government contractor, is seeking applicants for the position of RMF Cyber Analyst / Information System Security Manager (ISSM) to support our Army customer in Huntsville, AL. The ISSM will play a critical role in reviewing RMF Assessment and Authorization documentation, standard operating procedures, policies, and security instructions for both networked and stand-alone computer systems, which include both traditional IT and Operational Technology (OT) systems. This position requires oversight and guidance for multiple systems, ensuring compliance with established security protocols and standards. The ISSM will be responsible for documenting security findings, incident response activities, and compliance efforts. This includes developing artifacts for upload to the Enterprise Mission Assurance Support Service (eMASS) in accordance with Army/AMC standards and regulatory requirements. The candidate must possess a foundational understanding of Operational Technology and be able to articulate the Purdue Model and its implementation. Responsibilities also include completing inventories of OT systems in accordance with EXORD 141-18 and AMC directives, participating in security assessments of IT/OT systems, identifying vulnerabilities, and recommending mitigation strategies. In addition, the ISSM will conduct audits to ensure that IT/OT systems security policies and procedures are implemented as defined in security plans and best practices. The role involves performing detailed analyses to validate established IT/OT security requirements and recommending additional security requirements and safeguards. The ISSM will establish strict program control processes and policies to mitigate risks and support the certification and accreditation of systems using AMC RMF processes. The position also requires assisting in developing security documentation for upload to eMASS, ensuring accuracy, completeness, and compliance with AMC RMF requirements.
The ISSM will provide leadership and threat mitigation training techniques to stakeholders and administer FRCS/BCS systems in accordance with DoD/Army guidelines. Participation in Operational Planning Teams (OPT) and Working Groups with DoD/Army/AMC stakeholders, program managers, and security teams is also expected, documenting security requirements, concerns, and resolutions to support the successful delivery of IT/OT solutions.

Responsibilities

  • Review RMF Assessment and Authorization documentation, standard operating procedures, policies, and security instructions for networked and stand-alone computer systems.
  • Document security findings, incident response activities, and compliance efforts.
  • Develop artifacts for upload to eMASS in accordance with Army/AMC standards and regulatory requirements.
  • Execute duties of Information System Security Officer per DA PAM 25-2-14.
  • Complete inventories of OT systems IAW EXORD 141-18 and AMC directives/guidance.
  • Participate in security assessments of IT/OT systems, identifying vulnerabilities and recommending mitigation strategies.
  • Identify deviations from acceptable configurations, enterprise policy, or local policy in IT/OT systems/networks.
  • Conduct audits to ensure IT/OT systems security policies and procedures are implemented as defined in security plans and best practices.
  • Perform detailed analyses to validate established IT/OT security requirements and recommend additional security requirements and safeguards.
  • Establish strict program control processes and policies to ensure mitigation of risks and support obtaining certification and accreditation of systems using AMC RMF processes.
  • Assist in developing security documentation for upload to eMASS, ensuring accuracy, completeness, and compliance with AMC RMF requirements.
  • Perform IT/OT evaluations (compliance audits) and/or active evaluations (vulnerability assessments).
  • Provide leadership and threat mitigation training techniques to stakeholders.
  • Administer FRCS/BCS systems in accordance with DoD/Army guidelines.
  • Participate in Operational Planning Teams (OPT) and Working Groups with DoD/Army/AMC stakeholders, documenting security requirements, concerns, and resolutions.

Requirements

  • Bachelor's Degree or higher in Engineering, Cyber, Computer Information Systems, Computer Science, Math, Physics, or other STEM discipline.
  • 10+ years of experience in a related field.
  • Security+ CE or higher certification.
  • DoD 8570 Certification.
  • Strong verbal and written communication skills.
  • Experience supporting DoD RMF process and eMASS.
  • Experience determining and assessing vulnerabilities including planning, testing, and documenting (DoD) accreditation packages for IT systems and networks, specifically within RMF.

Nice-to-haves

  • ISC2 CISSP certification.
  • ISACA CISM certification.
  • Working knowledge of ACAS, DISA STIGs, and STIG-Tools.
  • Active Secret clearance.

Benefits

  • Disability insurance
  • Dental insurance
  • 401(k)
  • Flexible spending account
  • Tuition reimbursement
  • Vision insurance
  • 401(k) matching
  • Employee stock ownership plan