Description The Assessment and Authorization (A&A) / Risk Management Framework (RMF) Subject Matter Expert (SME) will manage Navy-required RMF efforts for Department of Defense (DoD) customers. This role will work collaboratively with Information Technology (IT) Engineers and System Administrators to conduct Cyber Security (CS) analysis, mitigation, remediation, and monitoring to ensure compliance with applicable DoD and Department of the Navy (DON) policies, procedures, and regulations. This position includes all activities associated with obtaining and maintaining RMF Authority to Operate (ATO) for systems within the customer's multi-faceted network infrastructure, which includes multiple platforms residing on multiple security enclaves. Typical Duties Include: * Manage Plans of Actions and Milestones (POA&Ms) resulting from system vulnerabilities from ACAS scans and STIG checks
* Maintain package artifacts and test results within eMASS
* Coordinate with configuration management personnel to process Requests for Change (RFCs) into Use Cases
* Review and recommend updates to package artifacts such as policies and procedures to address non-compliant controls
* Assist with annual security reviews to maintain ATOs
* Identify and coordinate with ATO stakeholders to ensure system documentation reflects current system security configurations to include hardware and software components; data flow; interconnections; and ports, protocols, and services, etc.
* Develop risk acceptance documentation for pending vulnerabilities Required Skills Clearance Requirements: * Active Secret to start. Will require a T5 (if they do not have a TS) from the Government after they start. Certification Requirements: * DoD 8570 IAT Level II (Security + or equivalent at date of hire)
* OS training within 30 days after start date - Windows Server OS Systems, Certifications, and Years' Experience: * MUST have NAVY RMF experience to include 4+ years performing Navy A&A responsibilities including policy development, control testing, POA&M management, and Configuration Management
* 8+ years' experience supporting an IT Enterprise environment in a cyber, system administration, engineering or management capacity. * Experience using MS office tools such as Excel, Word and Visio
* Experience working with DoD tools such as eMASS
* Experience working with security engineers to review compliance scans
* Experience performing cybersecurity assessments using standards such as CIS Benchmarks, DISA STIGS, etc.
* Broad technical experience related to IT operations, networks, OS's, and system administration
* Excellent customer service and organization skills
* Excellent verbal and written communication skills
* Ability to work both independently and as a member of a team Place(s) of Performance: * North Charleston, SC. On site daily. About acuCyber acuCyber is a small business headquartered in Charleston, SC specializing in assisting clients with their most challenging needs around cyber security, compliance, risk management, IT, security engineering and program management. acuCyber brings experience across multiple sectors supporting a multitude of customers. We bring value-added, effective, precise support to ensure your cybersecurity and IT needs are met. Your mission becomes our mission. Securely.
* Maintain package artifacts and test results within eMASS
* Coordinate with configuration management personnel to process Requests for Change (RFCs) into Use Cases
* Review and recommend updates to package artifacts such as policies and procedures to address non-compliant controls
* Assist with annual security reviews to maintain ATOs
* Identify and coordinate with ATO stakeholders to ensure system documentation reflects current system security configurations to include hardware and software components; data flow; interconnections; and ports, protocols, and services, etc.
* Develop risk acceptance documentation for pending vulnerabilities Required Skills Clearance Requirements: * Active Secret to start. Will require a T5 (if they do not have a TS) from the Government after they start. Certification Requirements: * DoD 8570 IAT Level II (Security + or equivalent at date of hire)
* OS training within 30 days after start date - Windows Server OS Systems, Certifications, and Years' Experience: * MUST have NAVY RMF experience to include 4+ years performing Navy A&A responsibilities including policy development, control testing, POA&M management, and Configuration Management
* 8+ years' experience supporting an IT Enterprise environment in a cyber, system administration, engineering or management capacity. * Experience using MS office tools such as Excel, Word and Visio
* Experience working with DoD tools such as eMASS
* Experience working with security engineers to review compliance scans
* Experience performing cybersecurity assessments using standards such as CIS Benchmarks, DISA STIGS, etc.
* Broad technical experience related to IT operations, networks, OS's, and system administration
* Excellent customer service and organization skills
* Excellent verbal and written communication skills
* Ability to work both independently and as a member of a team Place(s) of Performance: * North Charleston, SC. On site daily. About acuCyber acuCyber is a small business headquartered in Charleston, SC specializing in assisting clients with their most challenging needs around cyber security, compliance, risk management, IT, security engineering and program management. acuCyber brings experience across multiple sectors supporting a multitude of customers. We bring value-added, effective, precise support to ensure your cybersecurity and IT needs are met. Your mission becomes our mission. Securely.