Overview
On Site
$DOE
Full Time
Accepts corp to corp applications
Contract - W2
Contract - Full Time
Skills
risk assessments
RMF policy creation
cybersecurity compliance
Job Details
Job Title: RMF Engineer
Location: Fort Belvoir, VA - Onsite
Duration: Full Time
Responsibilities:
- Develop and deliver implementation plans, risk assessments, research, and analysis supporting RMF and continuous monitoring based on Government regulations, plans, and direction.
- Provide monthly status reports and track the execution of Army RMF, including compliance with authorizations, system assessments, and Plan of Action and Milestones (POA&M) expirations and executions.
- Work with automated RMF tools such as eMASS and APMS, following the Federal Information Security Management Act (FISMA), DoD Directive 8500.01, NIST Special Publication 800-53, and CNSSI 1253 guidelines.
- Ensure compliance with DoD Cybersecurity (CS) policy requirements outlined in DoDI 8500.01, DoDI 8510.01, and their successors.
- Integrate with Security Requirements Guide (SRG) and Security Technical Implementation Guides (STIG) development teams to include emerging technologies in the STIG roadmap process.
- Conduct onsite visits and surveys to address security compliance and technical analysis, producing comprehensive reports and recommendations for improvements and enhancements.
- Identify risk areas through implementation shortfalls and develop plans to recommend policy updates, addressing widespread issues and exceptions to policy.
- Participate in working groups, forums, and direct interactions to gather information for research and analysis in support of RMF and continuous monitoring.
- Standardize forms and integrate with continuous Authorization to Operate (cATO) and RMF emerging technology efforts to reduce the burden on mission owners while maintaining security.
- Provide guidance on addressing risks from a mission and business process perspective, ensuring Army CS initiatives align with applicable laws and regulations.
- Support the integration of Operational Technology (OT) into the Army's IT and Network Operations CS capability by tracking emerging tech and working with mission owners.
- Conduct outreach and education on data value and categorization, integrating with various Army data owners to achieve unified end-to-end multi-element asset capabilities.
- Support the Commercial Temporary Exception to Policy (C-TEP) program, creating standardized templates and workflow automation.
- Track tasks and requirements aligned with the Army Data Strategy and Army Directives, representing Army security needs in future strategy and directives.
Experience required:
- Bachelor's degree in a relevant field or equivalent experience.
- 10+ years of proven experience in RMF policy creation, risk assessments, and cybersecurity compliance.
- In-depth knowledge of RMF 2.0, FISMA, NIST publications, and DoD cybersecurity policies.
- IAM Level III certification or equivalent cybersecurity certifications.
- Excellent communication and collaboration abilities to work with various stakeholders.
- Ability to conduct onsite visits and technical analysis.
- Understanding of emerging technologies and their impact on cybersecurity.