Falconwood is a woman-owned / veteran-owned company providing consultation and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs. We provide expert advice and consultation on a diverse range of IT subjects, focusing on acquisition, cybersecurity, engineering, logistics, and process development.
We have an immediate opening for a Cybersecurity RMF Analyst to support the Navy Enterprise Resource Planning (ERP) program. The successful candidate will perform the complete DoD RMF Assessment and Authorization (A&A) process, to include system categorization, security control baseline selection and tailoring, and security control implementation and assessment. They will also perform continuous RMF monitoring, including annual control assessments, POA&M monitoring and updates, creation and/or updating of security documentation, and development of mitigations for controls that are not fully compliant. This position is based at the Washington Navy Yard and requires a Secret clearance.
Responsibilities
Assess system effectiveness and compliance against National Institute of Standards and Technology (NIST) and DoD security requirements, to include the NIST SP 800-53A controls and Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
Perform DISA STIG implementation assessments on IT platforms and applications.
Research vulnerabilities originating from various sources for their impact, perform risk assessments of those vulnerabilities, and develop effective written mitigations to reduce risk.
Produce evidence to support compliance status of NIST and DoD security requirements in an Amazon Web Services (AWS) environment.
Develop, update, and review RMF documentation, to include System Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports, and maintain these documents in the Government eMASS system.
Complete Navy RMF processes as identified in the RMF Process Guide (RPG) and Security Control Assessor (SCA) Risk Assessment Guide (RAG).
Perform continuous monitoring activities.
Comply with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) instructions.
Use automated RMF A&A tools, such as Enterprise Mission Assurance Support Service (eMASS), to complete and document DoD-compliant RMF A&A activities.
Oversee efforts to enhance security and reliability to ensure data shared with partner systems is properly protected.
Provide weekly status reports and perform other related duties as assigned.
Qualifications
Must have an Active SECRET DoD Security Clearance.
Must have a Bachelor's Degree.
Must have a minimum of three (3) to five (5) years' experience in Information Security / Information Assurance / Cybersecurity analysis supporting systems, networks, applications, and cross-domain solutions.
Must have in-depth knowledge of, and have successfully implemented, NIST, DoD, and Navy cybersecurity policies, guidance, and standards (e.g., DoDI 8510.01, FIPS-199, FIPS-200, NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A, etc.).
Must have experience with RMF/A&A and cybersecurity policy development, specifically RMF Steps 4 (Implement), 5 (Assess), and 7 (Monitor).
Must perform independently and/or as part of a team to move the mission forward.
Must communicate effectively in writing and verbally.
Must be a self-starter and take ownership, responsibility, and initiative for the successful and timely completion of all tasks and areas assigned.
Must meet SECNAV M-5239.2 Cybersecurity Workforce credential requirements for IAT or IAM Level III with one of the following certifications: Security+ ce, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), or GIAC Security Leadership Certification (GSLC).
Must balance multiple projects to meet tight deadlines and ensure customer satisfaction.
Must have experience using automated RMF Assessment and Authorization (A&A) tools, such as eMASS, to complete and document DoD-compliant RMF A&A activities.
Preferred: experience communicating, briefing, and working with senior-level government and/or industry leadership.
Preferred: experience with cybersecurity for large System Analysis Program (SAP) Enterprise Resource Planning (ERP) systems.