HQ ATL

  • Senior RMF Cybersecurity Engineer

    Posted Date: 2 weeks ago (5/9/2018 4:51 PM)
    ID: 2018-1445
    # of Openings: 1
    Location Type: CONUS
    Location: US-VA-Springfield
  • Overview

    Envistacom is a privately held technology company that provides counterterrorism, cybersecurity and communications solutions to U.S. and coalition partners in the aerospace, defense and intelligence communities. Customers rely on Envistacom for innovative technology and subject-matter expertise to achieve their missions in identifying and defeating global threats. Envistacom is a trusted partner in protecting military personnel, civilians and critical infrastructure around the world.


    The Senior RMF Cybersecurity Engineer will work with a team of Senior Cybersecurity specialists to provide expert consultation across a wide range of cross-functional areas of Cyber Security in support of the Army’s mission. The Cybersecurity Engineer (Senior) will provide project planning, guidance and technical expertise in the following areas: Cyber Security engineering program, policy, process, and planning; risk management, auditing, and assessments; Assessment and Authorization (A&A) using the DoD Risk Management Framework (RMF) guidelines; and quality planning and control.

    Requirements:

    Minimum Qualifications:

    • United States Citizen who holds an Active DoD Top Secret/SSBI and is eligible for a CI Poly
    • Verifiable IAM Level III Certification (CISSP, CISM, or GSLC)
    • Five (5) years of RMF experience
    • Ten (10) years of demonstrated Cyber Security Engineering and technical experience

    Knowledge, Skills, and Abilities:

    • Working knowledge of current NIST Federal Information Processing Standards (FIPS) and Special Publications (SP): SP800-18, SP800-37, SP800-53r4, SP800-53A, SP800-60, FIPS-199, FIPS-201 and FIPS-140-2, and other policies and applications to enterprise IT security.
    • Ability to plan, organize, and direct long range studies
    • Strong interpersonal and communication skills

    Hands-on Experience using the following Tools:

    • eMASS
    • DISA Security Requirements Guide (SRG)
    • DISA Security Technical Implementation Guides (STIG)
    • HBSS or ESS
    • ACAS

    Responsibilities:

    Lead and manage the Cyber Security team in an operations and maintenance environment. Use industry best practices in cyber security and security engineering related to vulnerability management, intrusion. Assist with developing and maintaining Memoranda of Agreement (MOA) and end-to-end Standard Operating Procedures (SOPs) to identify collaborative responsibilities and support process interaction with Army and other Government agencies. Develop and maintain a detailed policy matrix mapping DoD and agency policies to the required security controls as identified by DoDI 8510 DoD RMF. Documents include but are not limited to: Standard Operating Procedures (SOPs), Agency Training (e.g., cyber awareness, computer incidents, malicious codes, etc.).

    Advise system owners on all matters, technical and otherwise, involving the security of assigned capabilities and systems. Develop standard operating procedures in accordance with security control requirements. Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly, operating as intended and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned capabilities. Work with technical teams to mitigate security control deficiencies for assigned capabilities. Assess the cybersecurity impact of changes to assigned capabilities. Conduct self-assessments of security controls, identify weaknesses and track remediation activities in the Plan of Action and Milestones (POA&M).

    Conduct technical vulnerability assessments and prioritize and track remediation efforts. Provide the required system access, information, and documentation to security assessment and audit teams. Participate in security assessments and audits for assigned systems and facilitate obtaining evidence for data requests. Complete required A&A (Assessment and Authorization) activities on assigned IT systems. Assist federal staff in assessing new applications, identifying applicable DoDI RMF requirements and advising system owners of the process.

    Perform ISSO tasks in accordance with DoDI 8510 requirements. Ensure that the appropriate operational cybersecurity posture is maintained for assigned capabilities.

    Develop, update and maintain the System Security Plan (SSP) for assigned systems to include:

    • Federal Information Processing Standard (FIPS) Information Types
    • Interconnection Security Agreements
    • Plan of Action & Milestones (POA&M) and Privacy Impact Assessments (PIA)
    • Risk Assessments and Continuous Monitoring Plan
    • Configuration Management Plan, Contingency Plan and Contingency Plan tests
    • Incident Response Plans and Incident Response Plan tests
    • Security control baselines and Security control inheritance
    • Security Impact Analyses, Business Impact Analyses, SSP implementation statements
    • Technical Description narrative and system Description narratives

    Experience:

    • Must have a minimum of ten (10) years of demonstrated technical hands-on Cybersecurity or Information Assurance experience
    • Five (5) years of RMF experience
    • United States Citizen who holds an Active DoD Top Secret/SSBI and is eligible for a CI Poly

    Education:

    Bachelor's degree (or higher) in related field

     

    Licenses or certifications:

    Verifiable IAM and IAT Certification (CISSP, CISM, CAP or GSLC)

     


     

    Benefits: Medical/Dental/Vision/401k+match

     

    Envistacom is proud to be an Affirmative Action/Equal Opportunity Employer. Envistacom provides equal employment opportunity for all persons, in all facets of employment and maintains a drug free workplace and performs pre-employment substance abuse testing and background checks. We encourage minorities, women, veterans, LGBT and disabled individuals to apply.

     

    Please - no recruiters or staffing agencies
