Cybersecurity RMF Analyst

📋 Description

• Evaluate the cybersecurity standards and practices of cloud-based systems in accordance with FedRAMP, DoW, and DHA requirements.

• Document the cybersecurity posture to support the RMF process.

• Facilitate the progression of multiple information systems through the RMF process while maintaining accreditations through continuous monitoring and annual reviews.

• Provide innovative solutions to complex challenges that require expertise and creativity.

• Act as a Subject Matter Expert (SME) on one or more technologies/skills associated with A&A activities and documentation.

• Engage in sessions focused on identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies.

• Stay informed about evolving security and risk management standards.

• Create, update, and/or review RMF documentation, including IV&V results, Risk Assessment Reports, and POA&M development.

• Create, update, and/or review cybersecurity documentation for cloud-native services.

• Assess system compliance with NIST, DoW, and DHA security requirements.

• Generate evidence as required to support compliance status with NIST and DoW.

• Review and evaluate authorization boundary diagrams, service architecture diagrams, data flow diagrams, and hardware and software inventories.

• Analyze vulnerability scans of information systems.

⛳️ Requirements

• Bachelor's Degree and ten (10) years of experience in Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience in Cybersecurity / Information Technology in lieu of a degree.

• Active DoW Secret security clearance.

• Certification compliant with DoW 8570.

• Proven experience in assessing, managing, engineering, or architecting cloud technologies from major providers such as Microsoft, Amazon, or Google.

• A cloud-related certification, such as Google Certified Professional Cloud Architect, Microsoft Azure Fundamentals, AWS Certified SysOps Administrator, or ServiceNow Certified Administrator.

• Experience with the Risk Management Framework.

• Familiarity with RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes.

• Experience working within the DoW.

• Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs.

🏝️ Benefits

• 401K plan with company match.

• Medical, dental, and vision insurance.

• Life insurance.

• Accidental Death & Dismemberment (AD&D) insurance.

• Flexible spending account.

• Disability insurance.

• Paid time off.

• Flexible work schedule.

• Opportunities for professional training and development.