Overview
On Site
Depends on Experience
Contract - W2
Contract - Independent
Contract - 6 Month(s)
No Travel Required
Skills
CISSP Holder
Job Details
We need the following candidate:
Title: Cybersecurity Risk Management Framework Evaluator - (Technical CISSP Holder)
Location: Tampa, FL Hybrid Work
Contract: 6+ Months / Full-time
*** DoD Secret clearance ***
Technical Responsibilities
- Conduct comprehensive IT security control assessments on systems identified within the scope of the contract.
- Knowledge of Air Force communication squadron culture as well as basic-to-intermediate technical knowledge of endpoint security, network vulnerability scanning, insider threat, cross domain solutions, cyber defense monitoring and detections, cybersecurity and resiliency, and SCRM. Familiar with DoD/AF publications and issuances (e.g., NIST 800-53 RMF).
- Familiarity with eMASS (including writing POA&Ms) or ability to learn new programs efficiently with minimal oversight after training.
- Knowledge of eMASS, ITIPS, SNAP(NIPR)/GIAP(SIPR), STIG Viewer, Evaluate STIG, ACAS/SCAP, Microsoft Teams.
- Familiarity with STIGs and compliance methods (will be writing many SOPs based on STIG requirements) as well as CCRIs. Be present during CCRIs.
- Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and/or controls to address identified vulnerabilities.
- Review the System Security Plan (SSP), prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system that meet the stated security requirements. Advise the ISSM concerning impact values for confidentiality, integrity, and availability for the information on a system.
- Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards and controls to mitigate vulnerabilities.
- Review and approve the information system security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedures.
- Ensure security control assessments are completed for each information system and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
- Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
- For each completed site visit, provide a visit report.
- Support compliance with RMF controls to include, as necessary, development of Plans of Action and Milestones (POA&Ms) and mitigation of control deficiencies.
Technical Qualifications and Skills
- 4-8 years of experience.
- DoD Secret clearance
- Bachelor's Degree or equivalent work experience is highly preferred.
- Excellent listening skills, effective and efficient oral and written communication skills.
- Strong written, verbal communication and presentation skills, no exceptions! Ability to speak at group events, and to interface with customers.
- Solid time management, planning, organizational communication skills, and ability to scope prospective engagements, develop proposals and project plans.
Possession of a current 8140 proficiency level or any of the certifications below:
- CISSP
- CGRC
- GSEC
- CySA+
- CASP+
- Security+