Job Description
cFocus Software seeks an RMF Analyst to join our program supporting the Department of Defense (DoD). This position is remote. This position requires the ability to obtain a TS/SCI clearance.
Qualifications:
- Minimum 5 years’ experience designing and integrating enterprise and systems security throughout the development lifecycle.
- Minimum 3 years’ experience conducting thorough assessments of RMF-related management, operational, and technical security controls within DOD IT systems.
- Minimum 3 years’ experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON cybersecurity policies and RMF guidance.
Duties:
- Create, review, update, and validate cybersecurity Standard Operating Procedures (SOPs) as required.
- Review and maintain an inventory of authorized software (software custodian).
- Review and maintain an inventory of government furnished devices and media.
- Ensure configurations on laptops and servers are validated prior to deployment (as required).
- Audit and validate configurations of network devices against STIGs, or define and implement compensating controls for those STIGs as required to ensure mission execution.
- Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with OPTEVFOR cyber OT&E mission assets to include required revisions and updates in eMASS.
- Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems.
- Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan).
- Maintain network and system documentation in the DoD Information Technology Portfolio Repository-DON/DADMS.
- Maintain documentation and registration of network ports, protocols, and services.
- Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP).
- Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation.
- As a member of the Configuration Control Board (CCB), ensure CCB approved changes are timely and accurately reflected in the A&A documentation.
- Support compliance validation of current and future directives (e.g., IAVs, STIGs, TASKORD/CTOs).
- Provide recommendations for corrective action of any non-compliant security controls.
- Execute DISA STIG validations for systems in conjunction with annual RMF/A&A package reviews, in accordance with the DoD Instruction 8510 series, Risk Management Framework for DoD systems.
- Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current.
- Prepare and maintain documentation, vulnerability scan results, system security assessments, and configuration management findings to support RMF compliance and inform system authorization decisions.
- Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions.
- Conduct and document a semi-annual tabletop exercise (twice per calendar year).
- Develop or contribute to security test plans and supporting documentation that verifies the implementation of assigned security controls and inform ongoing risk determinations.
- Review and analyze IT contingency/disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems.
Job Tags: Full time, Remote work