Senior RMF Policy Analyst

About The Position

Requirements

• BS degree in Engineering, Physics, Network Security, or Computer Science. In lieu of degree, an additional 8 years of relevant experience can be substituted.
• Twelve (12) years of experience in Engineering, Systems Analysis, Medical Systems, Cybersecurity, Web Development, or Engineering Management to include: Technology Analysis and Assessment, Design Definition, Development of Systems Specification, Systems Analysis, Systems Architecture, Systems/Equipment Integration, Test & Evaluation Criteria, and Logistics support of C4ISR requirements.
• Five (5) years of technical experience in support of Cybersecurity/network protection or virtualization projects. Note: Experience may be concurrent. Advanced degrees in appropriate area substitute for experience as follows: Ph.D. (or equivalent terminal degree) – five (5) years of experience; MS or ME in appropriate area – two (2) years of experience.
• Active Secret required.
• Current CompTIA Security+ or DoD 8570 IAT/IAM level 1 or higher required.
• Demonstrated experience with RMF Steps 1-5
• Working knowledge of eMASS (Enterprise Mission Assurance Support Service)
• Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies
• Experience with the development of RMF Cyber Security documentation
• Familiarity with the use of vulnerability scanning and assessment tools necessary to identify and document compliance

Nice To Haves

• Ability to lead teams and regularly interact with senior level program personnel
• Ability to manage multiple projects simultaneously
• Strong verbal and written communications and customer service skills
• A self-leader, self-thinker, needs little direction, ability to work in a dynamic team environment
• Experience with DHA Cyber Security Directorate is a plus
• Experience in conducting online or in-person training is a plus

Responsibilities

• Review, analyze, and update existing A&A Process SOPs, to reflect current Government approved practices.
• Review and update, where and when needed, the existing certification/testing model so it reflects best business practices in information technology/security once approved by the Government.
• Review current processes and recommend/develop automated processes in the areas of application risk assessments and additionally update/map these processes to existing interactive workflows and processes in SharePoint.
• Function as the primary Point of Contact with responsibility for the development and maintenance of the cybersecurity SOPs.
• Provide subject matter expertise in the area of DoD and DHA A&A requirements.
• Ensure accuracy of the information introduced in the SOPs and institute and exercise proper change control mechanisms when proposing or making changes to the technical, functional, or contextual information contained in the SOPs.
• Ensure the accuracy and correctness of the procedures and processes in the SOPs by utilizing a thorough Quality Assurance (QA) plan.
• Maintain all RMF/DIACAP documentation templates associated with A&A efforts and associated deliverables.
• Create, maintain, and manage training materials for approval by the Government.
• Apprise users about available assistance as well as technical security products and techniques.
• Attend weekly CCB/SCAR Tiger Team meetings and monthly ACAS/CMRS meetings to understand issues and changes which drive potential updates to training content.
• Understand how eMASS functions and provide responses to technical and cyber related questions.

Benefits

• KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD&D, flexible spending account, disability, paid time off, or flexible work schedule.
• We support career advancement through professional training and development.