Cybersecurity RMF Analyst

Overview:

Falconwood is a woman-owned / veteran-owned company providing consultation and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs. We provide expert advice and consultation on a diverse range of IT subjects, focusing on acquisition, cybersecurity, engineering, logistics, and process development.

We have an immediate opening for a Cybersecurity Risk Management Framework (RMF) Analyst to support the Navy Enterprise Resource Planning (ERP). The successful candidate will perform the complete DoD RMF Assessment and Authorization (A&A) process, to include system categorization, security control baseline selection and tailoring, security control implementation and assessment. They will also get to perform continuous RMF monitoring including annual control assessments, POA&M monitoring and updates, creation and/or updating of security documentation, and development of mitigations for non-fully compliant controls. This position is based at the Washington Navy Yard and requires an active secret clearance.

Responsibilities:

The candidate must have the knowledge skills and abilities required to complete Navy RMF processes as identified in the RMF Process Guide, Supply Chain Assessment - Red, Amber, Green (SCA RAG), and CyberSafe:

• Perform the complete DoD RMF Assessment and Authorization (A&A) process, to include system categorization, security control baseline selection and tailoring, security control implementation and assessment.
• Assess the effectiveness of cybersecurity controls In Accordance With (IAW) National Institute of Standards and Technology (NIST) SP 800-53A and effectively document weakness.
• Successfully complete NIST SP 800-30, compliant risk assessments.
• Must have experience using the automated RMF Assessment and Authorizations (A&A) tools, such as Enterprise Mission Assurance Support Service (eMASS), to complete and document DoD compliant RMF A&A activities.
• Support the System Level Continuous Monitoring (SLCM) activities involve ongoing assessment of an organization's systems to ensure compliance and identify risks. These activities typically include continuous auditing, controls monitoring, and transaction inspection to detect inconsistencies, errors, POA&M monitoring and updates, creation and/or updating of security documentation, and development of mitigations for non-fully compliant controls. and policy violations.
• Maintain the Navy ERP continuous monitoring IAW DoD Inst and DoN CIO Guide (Risk Management Framework Process Guide).
• Assist in the development of cybersecurity related documentation and other artifacts required to successfully navigate an information system through the DoD/Navy acquisition process.
• Execute processes and develop artifacts required to obtain DoD and Navy IATTs, ATOs and Use Case approvals.
• Perform Defense Information Systems Agency (DISA) Security Technical Implementation Guide (STIG) vulnerability management (identifying, tracking, remediation, mitigation, and exception management).
• Successfully complete NIST SP 800-30, compliant risk assessments.
• Coordinate Asset Management (Hardware and Software) activities.
• Review Interconnection Agreements (Memorandum of Understanding and Service Level Agreements).
• Coordinate Cyber to identify why issues are not being resolved.

Qualifications:

• Required a bachelor's degree in technology.
• Required having 3-5 years of experience performing Cybersecurity RMF A&A and RMF continuous monitoring.
• Must have enterprise Systems, Applications, and Products in Data Processing (SAP) ERP system cybersecurity experience.
• Must have the ability and willingness to perform independently and/or as part of a team to move the mission forward.
• Must have the ability to communicate effectively in writing and verbally.
• The candidate must be a self-starter by taking responsibility and initiative for the successful and timely completion of all tasks and areas assigned.
• The candidate must have in-depth knowledge of and will have successfully implemented NIST, DoD, and Navy Cybersecurity policies, guidance and standards, e.g. DoDI , FIPS-199, FIPS-200, NIST SP 800-37, NIST SP 800-53, Rev x, NIST SP 800-53A, NIST SP 800-34, NIST SP 800-18, NIST SP 800-30, NIST SP 800-64, CNSSI-1253, The Enterprise IT Control Standards (EITCS), etc.
• The candidate must be certified to meet IAT Level 1 CSWF requirements, i.e.: "CURRENT" Isc2's CISSP, Security + certifications, or equivalent.
• SECRET security clearance with favorably adjudicated T5 (SSBI) background investigation.

Pay Range:

120 to 130k