Lead Risk Management Framework (RMF) Specialist (Cyber Network Analysis Tech 4)

About The Position

Requirements

• Must be able to obtain and maintain US Top Secret security clearance.
• Experience using DISA ACAS
• Advanced knowledge of Microsoft Excel
• Comply with the DoD Cyber IT/CSWF Program requirements of DoD 8570.1-M and SECNAV M-5239.2 at the Intermediate (IAT-II) level.
• COMPTIA Security+ CE certification
• 9 years relevant experience with Bachelors in related field OR 7 years relevant experience with Masters in related field OR 4 years relevant experience with a PhD.
• High School Diploma or equivalent and 13 years relevant experience

Nice To Haves

• Current DISA ACAS Administrator Training certificate (Preferred)

Responsibilities

• Lead the team in conducting security testing and evaluation of servers, workstations, databases, and network infrastructure devices (e.g. firewalls, switches, routers, load balancers) to identify security vulnerabilities and weaknesses, and produce detailed findings reports that support the security authorization process.
• Develop customized scanning and testing configurations within cybersecurity tools to meet specific security and configuration requirements.
• Map identified findings whether discovered through manual assessment, automated scanning, or associated with CVEs to the appropriate NIST SP 800-53 security controls, DoD policies, and relevant technical standards.
• Analyze and interpret cybersecurity directives, policies, and instructions, including CTOs, FRAG/TASK/OPORDs, IAVMs, PKI guidance, and STIG requirements, to assess applicability and required actions.
• Create or Update eMASS artifacts to support Assessments and Authorizations and Annual Security Reviews.
• Evaluate the adequacy of current security testing and assessment toolsets; identify capability gaps and recommend new tools or enhancements to improve assessment coverage and effectiveness.
• Serve as a subject matter expert on known and emerging vulnerabilities, providing analysis of exploitation methods, mitigation and remediation strategies, severity impacts, and operational considerations.
• Review Assessment & Authorization (A&A) documentation to ensure compliance with applicable DoD and RMF cybersecurity policies and standards.
• Perform risk analyses and recommend mitigating controls.
• Assist in drafting, updating, and maintaining cybersecurity policies, procedures, and technical guidance for systems and emerging technologies.
• Provide critical written and oral analysis of security architecture documentation and vulnerability and risk assessments.
• Support the creation, management, and tracking of Plans of Action and Milestones (POA&Ms), ensuring accurate status reporting and alignment with cybersecurity requirements.
• Advise Government in all aspects of Cybersecurity and Risk Management Framework (RMF).
• Track and report cybersecurity compliance status in VRAM and other applicable vulnerability tracking or reporting platforms.
• Conduct independent verification and risk analysis of security configurations, STIG findings, and POA&M entries for systems and devices across the enterprise.
• Demonstrate the ability to work independently with minimal oversight as well as collaboratively in a team environment.

Benefits

• We offer competitive benefits such as best-in-class medical, dental and vision plan choices; wellness resources; employee assistance programs; Savings Plan Options (401(k)); financial planning tools, life insurance; employee discounts; paid holidays and paid time off; tuition reimbursement; as well as early childhood and post-secondary education scholarships.