Cybersecurity Engineer/RMF ISSO Contractor with Secret

Fort McDill Air Force Base (and remote), United States

VOSAGO

Vosago specializes in IT Staffing, IT Federal Subcontracting, and Executive Recruiting.

View all jobs at VOSAGO

Apply now Apply later

Our client is looking for a cybersecurity professional to manage the Risk Management Framework (RMF) process and review / update the Authority to Operate (ATO) and Authority to Connect (ATC) approval packages.  You will perform as the primary security advisor on multiple systems.  At least 4 years of experience, a DoD Secret clearance, and possession of an IAT II certification is required.

Location: Hybrid: Tampa, FL (Fort McDill Air Force Base) and remote (on-site 4 to 5 days a week for the first couple of months, then transitioned to 2 days a week).

Citizenship: U.S. citizenship is required

Clearance: Active DoD Secret clearance

The ideal candidate will:

  • Provide solutions and recommendations to remedy security vulnerabilities, threats, to ultimately improve the protection of IT resources and to execute the MacDill AFB mission.
  • Provide guidance to other assessors on the policies and procedures of the job.
  • Provide detailed assessment findings using Government-specified processes and procedures.
  • Utilize assessment results to identify trends and to improve IA training, policies and processes.
  • Utilize the RMF methodology to successfully implement an information technology process which shall effectively protect the element's information assets and its ability to perform its mission to include but not limited to Configuration Management.
  • Utilize RMF tools such as (but not all encompassing) Enterprise Mission Assurance Support Service (eMASS), SNAP, Information Technology Investment Portfolio System (ITIPS), and Grid Interconnection Approval Process (GIAP) system.

Responsibilities

  • Conduct comprehensive IT security control assessments on systems identified within the scope of the contract. 
  • Provide an assessment on the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions and or controls to address identified vulnerabilities.
  • Review the System Security Plan (SSP), prior to initiating the security control assessment and ensure the plan provides a set of security controls for the information system that meet the stated security requirements. 
  • Advise the ISSM concerning impact values for confidentiality, integrity, and availability for the information on a system.
  • Evaluate threats and vulnerabilities to information systems to ascertain the need for additional safeguards and controls to mitigate vulnerabilities.
  • Review and approve the information system security assessment plan, which is comprised of the SSP, the Security Controls Traceability Matrix (SCTM), and the Security Control Assessment Procedures.
  • Ensure security control assessments are completed for each information system and ensure controls are working as intended and these controls protect the confidentiality, integrity and availability of IT resources at the appropriate levels.
  • Prepare the final Security Assessment Report (SAR) containing the results and findings from the assessment at the conclusion of each security control assessment activity.
  • For each completed site visit, provide a visit report.
  • Support compliance with RMF controls to include, as necessary, development of Plans of Action and Milestones (POA&Ms) and mitigation of control deficiencies.
  • Evaluate security control assessment documentation and provide written recommendations for security authorization to the AO.
  • Assemble and submit the security authorization artifacts to the AO (consisting of, at a minimum, the SSP, the SAR, the POA&M, and a Risk Assessment Report (RAR).
  • Assess the proposed changes to information systems, their environment of operation, and mission needs to determine if they are security-relevant and could therefore affect system authorization.
  • Use Security controls defined by the AO and lead ISSM.

Qualifications and Skills

  • U.S. Citizenship.
  • 4-8 years of experience.
  • DoD Secret clearance
  • Bachelor’s Degree or equivalent work experience is highly preferred.
  • Excellent listening skills, effective and efficient oral and written communication skills.
  • Strong written, verbal communication and presentation skills – no exceptions! Ability to speak at group events, and to interface with customers.
  • Solid time management, planning, organizational communication skills, and ability to scope prospective engagements, develop proposals and project plans.
  • Possession of one of these IAT II (or other) certifications:
    • CCNA Security
    • CySA+ **
    • GICSP
    • GSEC
    • Security+ CE
      CND
    • SSCP


Apply now Apply later
  • Share this job via
  • 𝕏
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Clearance CND Compliance DoD eMASS GICSP GSEC POA&M Risk assessment Risk Assessment Report Risk management RMF SCTM Security assessment Security Assessment Report SRTM SSCP System Security Plan Vulnerabilities

Regions: Remote/Anywhere North America
Country: United States

More jobs like this

Explore more career opportunities

Find even more open roles below ordered by popularity of job title or skills/products/technologies used.