The Cyber/Risk Management Framework (RMF) SME leads and manages all aspects the cyber security systems engineering of a space/ground acquisition program including the Risk Management Framework (RMF), the System Security Plan, and implementation of the Plans of Action and Milestones (POA&M) process. The leads serves as the technical subject matter expert for all security architecture design and cyber resiliency.
• Provides analytical and technical security recommendations to the customer
• Lead for the identification of projects' security requirements
• Provides security recommendations for systems using Cloud services
• Participates in network design reviews and security testing for the customer's networks
• Coordinates with system development teams to ensure network security standards are being followed and implemented correctly
• Identifies additional security requirements, based on RMF or as the result of security issues that put the customer's systems at risk
• Reviews and analyzes new systems (hardware and software) and provides recommendations concerning their security
• Reviews Security Requirements Traceability Matrixes (SRTMs), System Security Plans (SSPs) and other IA documentation for completeness
• Develop security controls and derived requirements
• Develop and coordinate RMF documentation and supporting artifacts for the assessment and authorization (A&A) of the system.
• Develop and implement a Continuous Monitoring (ConMon) Strategy
• Support the development of a cyber-threat model that describes the types of threats
• Lead the development and implementation of a Plan of Actions and Milestones (POA&M) process
• Support the development of a system security architecture in the form of diagrams and descriptive
The Cyber/Risk Management Framework (RMF) SME provides feedback to design engineers and evaluates end-to-end systems and systems-oriented products through their entire life cycle. Working as expert, conducts research and evaluates technical performance of software products and overall segments and systems. Ensures products and systems comply with requirements and government information assurance and cyber security standards and practices through formal verification methods. Verifies/validates systems with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to information networks. Assesses performance using evaluation criteria and technical performance measures. Prepares assessments and cyber threat profiles of current and planned products based on sophisticated testing, research, and analysis. Participates in design reviews of components (hardware and software) to ensure applicability to the current system and traceability of requirements. Reviews test plans/procedures and ensures they verify/validate the requirements. Develops and maintains analytical procedures to meet changing requirements. Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and operations officials. Qualifications
Requires 12 to 15 years with BS/BA or 10 to 13 years with MS/MA or 7 to 9 years with Ph.D.
Desired qualifications include:
• Current U.S. Government Top Secret/SCI with Poly
• An Advanced Cyber Certification (DoD 8570/8140 IAT Level III)
• A certification in one of the below Cloud certifications:
• CompTIA Secure Cloud Professional (CSCP)
• CompTIA Cloud+ CE
• AWS certification (Associate or Professional in Solutions Architect, Developer, DevOps Engineer, or Security Advanced Networking)
• Certified Cloud Security Professional (CCSP)
• Cloud Certified Professional
• Google Certified Professional Cloud Architect
• Certificate of Cloud Security Knowledge
• VMWare Certified Advanced Professional - Cloud Infrastructure Administration
• Microsoft Specialist: Implementing Microsoft Azure Infrastructure Solutions
• Microsoft Specialist Architecting Microsoft Azure Solutions
• At least 3 year of demonstrated experience providing security engineering to cloud capabilities and solutions in AWS, Azure or other mainstream CSP
• Excellent communications skills - Verbal and Non-Verbal About PeratonPeraton drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted and highly differentiated national security solutions and technologies that keep people safe and secure. Peraton serves as a valued partner to essential government agencies across the intelligence, space, cyber, defense, civilian, health, and state and local markets. Every day, our 22,000 employees do the can't be done, solving the most daunting challenges facing our customers.We are an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race, color, religion, age, national origin, ancestry, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, veteran status, disability, genetic information, citizenship status, or membership in any other group protected by federal, state, or local law.As a government contractor, Peraton abides by the following provisionPay Transparency Nondiscrimination ProvisionThe contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c).