Cybersecurity RMF Analyst

About The Position

Requirements

• Bachelor’s Degree and ten (10) years of experience with Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience with Cybersecurity / Information Technology in lieu of degree.
• Active DoW Secret security clearance
• DoW 8570-compliant certification
• Demonstrated experience assessing, managing, engineering, or architecting cloud technologies from major vendors such as Microsoft, Amazon, or Google
• A cloud related certification such as Google Certified Professional Cloud Architect, Microsoft Azure Fundamentals, AWS Certified SysOps Administrator, or ServiceNow Certified Administrator
• Experience with Risk Management Framework
• Experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
• Experience working within DoW
• Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs

Nice To Haves

• Experience working with DoW or DoN RMF processes or IT systems
• Experience with FedRAMP
• Familiarity and experience with the eMASS
• Technical experience with network, database, containers, AI, or DevOps technologies

Responsibilities

• Assess cybersecurity standards and practices of cloud-based systems against FedRAMP, DoW, and DHA requirements
• Document cybersecurity posture in support of the RMF process
• Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews
• Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
• Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities and documentation.
• Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
• Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
• Develop, update, and/or review RMF documentation to include IV&V results, Risk Assessment Reports, and POA&M development.
• Develop, update, and/or review cybersecurity documentation for the use of cloud native services such as those offered by Microsoft, Amazon, Oracle, and Google
• Assess system compliance against NIST, DoW, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
• Produce evidence as necessary to support compliance status of NIST, and DoW.
• Review and assess authorization boundary diagrams, service architecture diagrams, data flow diagrams, hardware and software inventories
• Analyze vulnerability scans of information systems
• Excellent customer service and organization skills
• Excellent oral and written communication skills

Benefits

• KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
• We support career advancement through professional training and development.