Cybersecurity Assessment and Authorization SME

About The Position

Requirements

• Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience
• DOD cybersecurity experience
• Experience in assessing security controls and conducting authorization reviews for large, complex organizations.
• Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes.
• Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and Operational Technology (OT) infrastructures.
• DOD Secret Clearance and must possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3)
• General understanding of software testing methodologies
• Have practical and working knowledge of all Microsoft Office applications
• Analytical and Critical Thinking Skills
• Quality interpersonal skills
• Quality oral and written communication skills

Nice To Haves

• OCI Certified
• Experience with an Agile Framework
• Experience with the Continuous ATO process and integration of those processes with an Agile Framework

Responsibilities

• Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures.
• Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization.
• Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes.
• Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization.
• Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process.
• Must have the ability to communicate accurate information.
• Run and Analyze system and software scans
• Develop and track POA&Ms relative to scan findings
• Coordinate with DLA ISSMs on vulnerability management and continuous ATO management
• Work with Operations and Developments teams to address security findings, apply STIGs and manage the IAVA process
• Participate and support a SAFe agile release methodology with testers embedded in the Agile Release Train (ART)
• Conduct review meetings for reported issues with stakeholders and move issues through process

Benefits

• Medical, Dental, and Vision Plans (PPO & HSA options available)
• Flexible Spending Accounts (Health Care & Dependent Care FSA)
• Health Savings Account (HSA)
• 401(k) with matching contributions
• Roth
• Qualified Transportation Expense with matching contributions
• Short Term Disability
• Long Term Disability
• Life and Accidental Death & Dismemberment
• Basic & Voluntary Life Insurance
• Wellness Program
• PTO
• 11 Holidays
• Professional Development Reimbursement