cFocus Software Incorporated

Compensation

Full Description

cFocus Software seeks an RMF Analyst to join our program supporting the Department of Defense (DoD). This position is remote. This position requires the ability to obtain a TS/SCI clearance. Qualifications: Minimum 5 years’ experience designing and integrating enterprise and systems security throughout the development lifecycle. Minimum 3 years’ experience conducting thorough assessments of RMF-related management, operational, and technical security controls within DOD IT systems. Minimum 3 years’ experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON cybersecurity policies and RMF guidance. Duties: Create, review, update, and validate cybersecurity Standard Operations Procedures (SOPs) as required. Review and maintain an inventory of authorized software (software custodian). Review and maintain an inventory of government furnished devices and media. Ensure configurations on laptops and servers are validated prior to being deployed (as required) Audit and validate configurations of network devices based on STIGs, or defining and implementing compensating controls of such STIGs as required to ensure mission execution. Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with OPTEVFOR cyber OT&E mission assets to include required revisions and updates in eMASS. Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems. Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan). Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON /DADMS. Maintain documentation and registration of network ports, protocols, and services. Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP). Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation. As a member of the Configuration Control Board (CCB), ensure CCB approved changes are timely and accurately reflected in the A&A documentation. Support compliance validation of current and future directives (e.g.: IAVs, STIGs, TASKORD/CTOs). Provide recommendations for corrective action of any non-compliant security controls. Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with eh DoD Instruction 8510 series, Risk Management Framework for DoD systems. Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current. Prepare and maintain documentation, vulnerability scan results, system security assessments, and configuration management findings to support RMF compliance and inform system authorization decisions. Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions. Conduct and document a semi-annual tabletop exercise twice in a calendar year. Develop or contribute to security test plans and supporting documentation that verifies the implementation of assigned security controls and inform ongoing risk determinations. Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems.