Risk Management Framework Specialist with Security Clearance
Posted on: November 10, 2019
Job Description CACI isseeking a Risk Management Framework
Specialist to support the RMF assessment process for all Military
Sealift Command Integrated Business Systems) in Chesapeake
Virginia. POSITION SUMMARY: This position will be responsible for
providing expert level support in the implementation of the Risk
Management Framework (RMF) in accordance with the National
Institute of Standards and Technology (NIST). As an RMF Specialist,
assist MSC-IBS perform Cybersecurity Engineering, Information
Assurance, Vulnerability analysis, risk remediation, and the
implementation of cybersecurity controls within DoD - Systems,
supporting current and future MSC Business System Platforms.
Possesses an in-depth understanding of computer security, military
system specifications, DoD cybersecurity policies, and the ability
to communicate clearly and succinctly in written and oral
presentations. Possesses an in-depth understanding of the DoD
Information Assurance Certification and Accreditation Process
(DIACAP), Risk Management Framework (RMF), Platform IT (PIT), and
the implementation of Cybersecurity and IA boundary defense
techniques and various IA-enabled appliances. The selected
candidate will be a motivated individual who works well as part of
a multi-disciplinary team across multiple locations within a
Development, Security and Operations (DeSecOps). The selected
candidate shall experience in the Authorization (A&A)
processes, and implementation of the Risk Management Framework
(RMF) process from start to finish and experience must include a
deep understanding of DoDI 8510.01 implementation in updating,
creating and maintaining RMF packages through all process steps.
What You'll Get to Do: * Develop Risk Management Framework (RMF)
accreditation artifact documentation to include Plan of Action and
Milestones (POA&M), Mitigation Strategies, Risk Assessment
Report (RAR), and Security Assessment Report.
* Serve as Cyber Security Engineer with DIACAP and/or RMF
experience who has deep expertise in security assessment
documentation to support DoD systems and efforts to achieve their
Authorization to Operate (ATO).
* The scope of this position includes full life-cycle Assessment
and Authorization (A&A) management through all 6 Steps of the
RMF process in support of the Government ISSM.
* Support activities in accordance with NIST 800.53 that support
systems from the perspective RMF requirements.
* Review systems to identify potential security weaknesses and
recommend improvements to amend vulnerabilities, implement changes,
and document upgrades.
* Maintain responsibility for managing cybersecurity risk from an
* Prepare and review documentation, including Systems Security
Plans (SSPs), risk assessment reports, certification and
accreditation (C&A) packages, and plan of actions and
* Prepare system security plan (SSP) in accordance with the
applicable governing directive for systems and ensure all networks
are maintained respective to SSPs.
* Review and validate security documentation to ensure necessary
security controls are in place and operating as intended.
* Review and maintain vulnerability scanning tool compliance and
reporting to ensure compliance with all applicable directives.
* Provide cybersecurity analysis, with a focus on Assessment and
Authorization (A&A), under the implementation of the Risk
Management Framework (RMF).
* In-depth reviewing of authorization packages and artifacts in the
Enterprise Mission Assurance Support Service (eMASS) at RMF Steps
1, 2, and 5.
* Track authorization to operate (ATO) statuses and authorizations
with conditions, of the MSC Business Systems.
* Draft and review cybersecurity policy documents that affect the
MSC Business systems.
* Review completed Assured Compliance Assessment Solution (ACAS)
scans and Security Technical Implementation Guide (STIG) checklists
submitted for RMF Step 5 Checkpoint and modification request
* Validate all findings from raw scans are documented.
* Analyze vulnerabilities in raw scans and determine if documented
mitigations are appropriate.
* Ensure all manual reviews are completed in STIG checklists, and
that any not applicable (N/A) statements are appropriate.
* Make determinations if there are risk posture changes when system
modifications are requested for authorized systems.
* ?Author and update Security Assessment Plan (SAP), perform
vulnerability analysis of DoD systems and identify, report and
resolve security violations.
* Perform validation of Navy A&A packages, plan and execute
* Limited travel may be required. You'll Bring these
Qualifications: * A Bachelor's Degree in a technical field with at
least two years of experience in Risk Management Framework
processes. Experience may be substituted in lieu of a degree.
* Cybersecurity Credential at or above one of the following DoD
Directive 8570.01 requirements:
* IAT Level II (e.g., Security + CE, CCNA Security),
* At least 2 years- experience in the development and accreditation
of Risk Management Framework-impacted systems or equipment that led
to successful attainment of an Authorization to Operate (ATO).
* US Citizenship required
* US Government Secret security clearance or ability to obtain
* Excellent verbal and written communications skills What We Can
Offer You: * We've been named a Best Place to Work by the
Washington Post * Our employees value the flexibility at CACI that
allows them to balance quality work and their personal lives * We
offer competitive benefits and learning and development
opportunities * We are mission-oriented and ever vigilant in
aligning our solutions with the nation's highest priorities * For
over 55 years, the principles of CACI's unique, character-based
culture have been the driving force behind our success Job Location
US-Chesapeake-VA-NORFOLK-VIRGINIA BCH CACI employs a diverse range
of talent to create an environment that fuels innovation and
fosters continuous improvement and success. At CACI, you will have
the opportunity to make an immediate impact by providing
information solutions and services in support of national security
missions and government transformation for Intelligence, Defense,
and Federal Civilian customers. CACI is proud to provide dynamic
careers for employees worldwide. CACI is an Equal Opportunity
Employer - Females/Minorities/Protected Veterans/Individuals with
Keywords: CACI, Chesapeake , Risk Management Framework Specialist with Security Clearance, Executive , Chesapeake, Virginia
Didn't find what you're looking for? Search again!