Fort Belvoir, VIRGINIA
Qualified applicant requires the ability to ensure the application of information systems security and application security policies and procedures (Security Technical Implementation Guides [STIG], Information Assurance Vulnerability Management [IAVM], and the Federal Information Security Management Act [FISMA]) are followed. In addition, will develop/implement system security plans, control implementation, and system requirements. Candidate will conduct information system (IS) security assessments and validations and provide security recommendations/remedial actions to ensure IS compliance is met and plans of action and milestones are defined.
SKILLS AND QUALIFICATIONS
- Prepare, update and maintain Risk Management Framework (RMF) documents, checklists and artifacts for upload into the Enterprise Mission Assurance Support Services (eMASS) Authorization to Operate
- Utilize the Enterprise Mission Assurance Support Service (eMASS) to record RMF activities such as control implementation of all applicable Security Controls as identified via information system security categorization in accordance with NIST SP 800-53 and CNSSI 1253 (security controls are broken down into individual, measurable, statements called assessment procedures or Control Correlation Indicators (CCIs)) in accordance with DoDI 8510.01 (Risk Management Framework (RMF) for DoD Information Technology (IT));
- Develop artifacts and supporting evidence (e.g. test results) to satisfy all applicable RMF Controls and corresponding CCIs;
- Create Plan of Action and Milestones (POA&M) for remediation and non-compliance activities. Monitor execution of POA&M. Support developing risk acceptance mitigations and reasoning as necessary;
- Monitor and maintain eMASS Asset tab findings by:
  - Ensuring STIG checklists are identified for each system
  - Including any failed security checks in existing POAMs
  - Continually evaluating and updating POAM status (e.g. test results, dates) until the POAM actions have been satisfied and closed
- Populate approved Implementation Plan (IP) with appropriate status and designation of all applicable RMF;
- Verify all CCI (compliant and non-compliant) artifacts for completeness and provide a list of missing artifacts to oversight personnel;
- Review and compare Security Control Assessor-Validator (SCA-V) findings with risk assessment documentation and create necessary POAMs to address shortcomings;
- Ensure non-compliant and non-applicable controls are updated according to the Authorization to Operate (ATO)
- Over time, grow and develop into RMF Expert with the ability to perform responsibilities with minimal supervision and assistance.
Candidate’s knowledge should include:
- Basic knowledge of DoD RMF or Federal Certification and Accreditation Processes for IT systems;
- 3 years of desktop engineering/systems engineering/systems administration type experience within DoD environments with sufficient skills and knowledge to interpret and communicate with other engineers on IT systems;
- Experience implementing DISA STIGs or reviewing technical STIG checklists;
- Must possess ability to clearly articulate in writing and be able to develop clear security guidance;
- Candidate should have good interpersonal skills and be willing to work on a team project.
- Attention to Detail – Demonstrates thoroughness and conscientious attention to detail;
- Customer Service – Works with clients and customers to assess their requirements, provide information or assistance, explains the scope of available products and services, is committed to quality deliverables;
- Oral Communication – Expresses information effectively, listens to others, attends to nonverbal cues, and responds professionally;
- Problem Solving – Identifies problems, determines accuracy and relevance of information, uses sound judgment to generate and evaluate alternatives, makes recommendations and resolves issues.
EDUCATION AND EXPERIENCE
- High-school diploma or educational equivalent is required: Diploma from a technical or vocational school or an equivalent military/DoD training;
- Bachelor’s Degree in Computer Science, Information Assurance, Information Systems, or other related scientific or technical discipline is preferred;
- Work/military experience, or industry certifications demonstrating technical proficiency may be substituted for education requirements;
- Three (3) to Five (5) or more years of progressive experience providing troubleshooting and maintenance support in a Windows network environment.
Candidate must possess the following certifications in order to meet the DoD Information Assurance Technical (IAT) Level II Information Assurance (IA) Requirement:
Applicant must have and maintain at least one of the following Information Assurance (IA) certifications prior to beginning employment:
CompTIA, Security+ ce
CompTIA, CASP+ ce
CISCO, Cisco Certified Network Associate Security (CCNA-Security)
GIAC, Security Essentials Certification: (GSEC)
ISC2, System Security Certified Practitioner (SSCP)
Higher certifications that meet IAT III requirements are also acceptable. (Must be approved and verified by management.) Reference: https://public.cyber.mil/cwmp/dod-approved-8570-baseline-certifications/ for the list of qualified certifications.
Applicant must also have at least one of the following Computing Environment (CE) certifications within 180 days from his/her start date*:
eMASS training (available online at https://rmfks.osd.mil/rmfresources/eMASS/CBT_Sept2018/index.aspx; must be accessed from a .mil network)
RMF Training – NOTE: Education assistance may be available to assist in completion of certification once employment starts.
*Approved training may suffice for actual certification.
NOTE: These statements are intended to describe the general nature and level of work involved for this job. It is not an exhaustive list of all responsibilities, duties and skills required of this job.