Job Openings >> Risk Management Framework Analyst
Risk Management Framework Analyst
Summary
Title:Risk Management Framework Analyst
ID:1153
Department:Engineering
Job Type:Exempt (salaried)
Location:Greenbelt, MD
Description

The RMF Analyst must be able to meet the key criteria below:

  1. Obtain and maintain a Public Trust Clearance. US Citizens and Greencard holders only.
  2. This is a full time, W-2 position. The candidate will be required to be onsite in Greenbelt, MD.
  3. 10+ years’ experience with a bachelor’s degree
  4. Preferred Certifications: CAP, Security+, CISSP, GSEC
  5. In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, CDM
  6. Knowledge of FedRAMP and FISMA regulatory compliance requirements.

Overview

Do you want to help IBR build a portfolio of next-generation data collection systems? The RMF Analyst will work seamlessly with the ISSM and other IT Security staff to conduct Authorization to Operate (ATO) activities.

Responsibilities

  • Oversee and actively manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.
  • Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls that meet Federal regulations, program objectives, operational needs and user experience required for the 2020 Census SoS, particularly data collection components. Support the integration of security across the SoS lifecycle.
  • Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.
  • Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate.  Actively manage vulnerabilities mitigation commitments from the integration team.
  • Assist in establishing rules for program/project vulnerability scans, risk analyses and security assessments which includes addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 (Draft) for both business operations and technical implementation throughout the eSDLC for the SoS.
  • Analyze and define security requirements for information protection. Analyze Decennial change requests for security impacts and provide recommendations to the 2020 Census GPMO.
  • Analyze change requests for security risk, monitor and track security-related defects and resolutions, and make recommendations to the 2020 Census GPMO.
  • Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs.
  • Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls for the 2020 Census SoS.
  • Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions to report to the 2020 US Census GPMO.
  • Review program/project vulnerability scan results and report findings to the 2020 US Census GPMO and monitor and track their assessment and subsequent resolution using automated scripts where necessary.
  • Monitor for security breaches and participate in incident response activities and investigation of security breaches. Specifically, traditional ISSO audit responsibilities.
  • Capture ATO artifacts that support independent assessment activities.  Consolidate ATO artifacts for input into the USCB Risk Management Processing System.
  • Present status of RMF efforts to Government customer and program meetings as required.

Qualifications

  • In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, CDM
  • Knowledge of FedRAMP and FISMA regulatory compliance requirements.
  • Working knowledge of NIST SP800-53 Rev 4 controls, and implementation methodology with the ability to oversee traceability to the controls.
  • Experience working throughout a complete IT Security life-cycle supporting a complex System of Systems.
  • Experience working as a compliance and security control planner and implementer.
  • Adept at managing change control and technical working group.
  • Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.
  • Ability to define and manage reporting and measurement systems for IT Security.
  • Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Center, including commercial and open source.

About IBR
Imagine Believe Realize, LLC (IBR) is an emerging small business focused on delivering software and systems engineering solutions to government and commercial clients. Our talent acquisition strategy is tailored to career seeking candidates who embrace continuous learning and desire to grow as a professional in the software/systems engineering industry. We strive to enhance our team members ability to thrive in the workplace by creating a proper work/life balance and first-class benefits package that includes:

  1. Nationwide medical, dental, and vision insurance
  2. 3 weeks of paid time off
  3. 10 paid federal holidays
  4. 401k matching
  5. Life insurance at no cost to our employees
  6. Short term disability insurance at no cost to our employees
  7. Long term disability insurance at no cost to our employees
  8. Health care flex spending accounts
  9. Dependent care flex spending accounts
  10. Training opportunities
  11. Education assistance opportunities

IBR is an Equal Opportunity and Affirmative Action Employer. It is our policy to offer employment opportunity to all persons without regard to race, color, age, national origin, religion, sex, gender identity/transgender status, veteran status, disability, genetic information, pregnancy, childbirth or related medical conditions, or any other status protected under applicable federal, state, or local law.

Learn more at
http://www.teamibr.com

This opening is closed and is no longer accepting applications
Powered by ApplicantStack