About the position
Dark Wolf Solutions is seeking a Cyber Security and Risk Management Framework (RMF) Engineer to support the development, management, and maintenance of information system security and Assessment and Authorization (A&A) packages. The successful candidate will be responsible for implementing and maintaining robust security measures for the organization's systems and networks, ensuring compliance with Security Technical Implementation Guides (STIGs) and cloud security best practices. They will also promote a culture of security through the implementation of DevSecOps principles and provide guidance on secure coding practices and configuration management. Staying up to date with cybersecurity trends and applying them to enhance the organization's security posture is also a key responsibility.
Responsibilities
- Creating, managing, and maintaining A&A packages including System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), and other artifacts.
- Supporting the entry and maintenance of data into information system security systems of record, such as eMASS.
- Providing continuous monitoring and lifecycle management support activities through both manual and automated methods.
- Assisting in the development of security control weakness mitigation and management strategies.
- Providing unique functional expertise necessary to interpret requirements and achieve successful performance, including subject matter expertise and unique mission/technical knowledge.
- Providing insight to teams for the understanding of the customer's business requirements and the analysis, evaluation, and implementation of systems policies, strategy plans, and other relevant projects.
- Providing guidance and support to development teams regarding secure coding practices and secure configuration management.
- Staying up to date with the latest cybersecurity trends, vulnerabilities, and best practices, and applying them to enhance the organization's security posture.
Requirements
- 9+ years of relevant experience
- Experience as an RMF Engineer, ISSM/ISSO, Security Controls Validator, and/or information assurance engineer
- Hands-on with eGRC tools like: eMASS, XACTA, RSA Archer, etc.
- Experience with Space Force risk management policies
Benefits
- Competitive compensation range of $120,000 - $150,000
- Opportunity to work with a collaborative team
- Development, management, and maintenance of information system security and A&A packages
- Implementation and maintenance of robust security measures for systems and networks
- Compliance with Security Technical Implementation Guides (STIGs)
- Adherence to cloud security best practices
- Promotion of a culture of security through the implementation of DevSecOps principles
- Work within a larger team focused on defining and building cloud and bare metal infrastructure
- Creation, management, and maintenance of A&A packages
- Continuous monitoring and lifecycle management support activities
- Assistance in the development of security control weakness mitigation and management strategies
- Insight into the customer's business requirements and analysis of relevant projects
- Guidance and support for development teams regarding secure coding practices and secure configuration management
- Staying up to date with the latest cybersecurity trends, vulnerabilities, and best practices
- Opportunity to work with eGRC tools like eMASS, XACTA, RSA Archer
- Possibility of supporting Department of Defense RMF processes
- Evaluation of information security compliance against STIGs
- Cloud platform experience with AWS, Azure, Google GCP
- Equal Employment Opportunity (EEO) employer
- Identity and eligibility verification for employment in the United States