RMF Cybersecurity Consultant
Location
Chantilly, Loudoun County, VA | United States
Job description
DESCRIPTIVE SUMMARY:
Datawiz Corporation is a Virginia-based business incorporated in 1999. Datawiz is appraised at CMMI Level III for DEV & SVS by the CMMI Institute, a subsidiary of ISACA. Datawiz has also achieved ISO 9001:2015, ISO 27001:2013, and ISO 20000-1:2011 certifications, and has strong qualifications in building, securing, and managing IT infrastructure for the public and commercial sectors.
Datawiz holds a strong position and reputation for providing support to various federal agencies to meet their small-business utilization requirements with high-caliber product and service offerings for their critical business processes. Through our proven project management and cost engineering methodology services, we ensure that our clients get maximum return on their investment by managing systems to meet their current and future needs.
Datawiz is currently seeking a qualified RMF Cybersecurity Consultant to join our team and support a federal government client on a long-term, full-time project based in Washington, DC. In this role, the RMF Cybersecurity Consultant will play a crucial part in conducting vulnerability/risk assessment analysis to facilitate Assessment & Authorization (A&A) processes. Additionally, the role involves providing Configuration Management (CM) for information system security software, hardware, and firmware, ensuring the integrity and security of critical systems and data.
Must be eligible for a Public Trust Clearance
Job Responsibilities:
- Participate in vulnerability/risk assessment analysis to support Assessment & Authorization (A&A) processes
- Implement Configuration Management (CM) protocols for information system security software, hardware, and firmware to uphold system integrity and security standards
- Review security controls in accordance with the NIST SP 800-53 (Rev4 and Rev5)
- Prepare and interpret Security Assessment Report (SAR)
- Integrate and test new technology for compliance with IT security standards
- Perform analysis to ensure security controls are consistently implemented throughout the system development life cycle and continuous monitoring phase
- Develop, document, and execute plans for monitoring, assessing, and verifying security controls across assigned information systems
- Document security control implementation statements
- Work with cross-functional teams across the agency to complete RMF steps 1 through 3, as required for RMF steps 4, 5, and 6
- Provide recommendations, guidance, and corrective action for all non-compliant security controls
- Request, gather, and comprehend evidence required to close out open POA&Ms
- Execute, and maintain knowledge of, FISMA tasks that consist of system authorization/reauthorization, Privacy Impact Assessments, and system security categorization required for agency application systems
- Conduct comprehensive self-assessments consisting of automated and manual security assessments of the management, operational, and technical security controls employed within or inherited by agency information systems to determine the overall effectiveness of the controls
- Optimize processes to meet IT security-related goals and strategies by documenting lessons learned for each system and application by authorization month and year
- Enter test results and artifacts into the agency/department repository
- Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions
- Support agency review of assessment activities, reports, and conclusions
- Develop and maintain all required Assessment documentation following NIST 800-53 requirements for Steps 1, 2, 3, 4 (remediation of independent assessment findings), 5 (provide artifacts for Authorization Official Approval/Review Package), and 6 (Continuous Monitoring actions) of the Risk Management Framework for agency-managed systems
- Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current
- Provide guidance to key stakeholders on the necessary components to demonstrate the achievement of control objectives
- Implement a NIST-compliant continuous monitoring process across all major information systems to provide periodic assurance to senior management on the security protections of major information systems
- Support periodic assessment of a bureau-identified subset of security controls across assigned information systems
Minimum Qualifications:
- Minimum of 10 years of experience with RMF, overseeing Information Systems Security activities.
- DoD Approved 8570 IAM Level I or II Certification (Sec+, CASP, etc.) or equivalent
- Experience authoring and/or maintaining artifacts in support of the A&A process
- Provide thorough Quality Assurance (QA) of all ATO documentation
- Effective verbal and written communication skills with the ability to offer experienced guidance to executive staff, customers, and subcontractors
- Ability to prioritize, follow tasks through to completion, and work with minimal supervision
- This position supports a federal government agency that requires a Background Investigation. The candidate must be able to clear the Background Investigation to commence work
Preferred Qualifications:
- Advanced certifications such as CISSP, CISM, etc., or other relevant credentials
- Familiarity with emerging cybersecurity technologies and trends, demonstrating a commitment to continuous learning and professional development
Must be eligible for a Public Trust Clearance
Datawiz offers the following benefits:
- Medical
- Dental
- Vision
- Flexible Spending Account
- Health Savings Account
- Life and AD&D
- Short-Term Disability
- Long-Term Disability
- 401(k)
- Tuition Assistance
- Paid Time Off
Datawiz is proud to be an equal opportunity employer, committed to recruiting, hiring, and promoting qualified people of all backgrounds, regardless of sex, race, color, creed, national origin, religion, age, marital status, pregnancy, physical, mental or sensory disability, sexual orientation, gender identity, or any other basis protected by federal, state or local law. Learn more about your EEO rights as an applicant.
Datawiz is committed to working with and providing reasonable accommodation to applicants with physical and mental disabilities. If you have a disability and require assistance with our online application process, please tell us how we can help by contacting us at [email protected]
Note: This accessibility is intended for individuals requiring accommodations and should not be used to check on the status of your application. Inquiries not specific to requesting accommodation will be discarded.
Datawiz participates in the E-Verify program in certain locations as required by law. Learn more about the E-Verify program.
Salary
$110k - $130k