
SANS ISC: InfoSec Jobs

Full-time RMF
Company: SecureStrux
Location: Remote
Preferred GIAC Certifications: N/A
Travel: 50%
Salary: 150,000
Contact Name: Aaron Bean
Contact Email: aaron.bean/at/
Expires: 2020-11-20

Job Description

Job title
FT Risk Management Framework (RMF)
Reports to
Director of Operations

Job purpose
This position provides technical security assistance and guidance to several of our commercial and government customers in support of their Assessment and Authorization (A&A) programs. As an RMF Consultant, you will be responsible for all phases of A&A to ensure compliance and provide guidance on IT security requirements. As cleared contractors under the Defense Counterintelligence & Security Agency (DCSA), formerly the Defense Security Service (DSS), you will support all phases of the Risk Management Framework (RMF) process. This position will be required to travel on-site to customers' facilities to conduct assessments, conduct control gap analysis, conduct training, and provide Enterprise Mission Assurance Support Service (eMASS) guidance. This position requires technical knowledge of National Industrial Security Program Operating Manual (NISPOM) processes for Information Systems (IS) and DCSA RMF process knowledge.

Job Duties
Assess, document, and implement the RMF process for different types of IS in accordance with the DCSA Assessment and Authorization Process Manual (DAAPM). System types may include Multi-user Standalone (MUSA), Single-user Standalone (SUSA), Peer-to-Peer (P2P), Isolated Local Area Network (ISOL), and Enterprise Wide Area Network (eWAN) / WAN systems.
Assess the existing policies and procedures against compliance requirements
Suggest policy and procedure changes to customers as required for compliance
Create and update policy, procedure and process documents for the accreditation package
Execute RMF implementation
Conduct validation services, prepare POA&M, and compile validation results

Company Related Tasks
Company meeting attendance as needed
Support Business Development with Level of Effort (LOE), Writing, Reviews, and general proposal support.
Assist in the development and adherence of performance targets for projects.
Follow all company policies and procedures.

At least five (5) years demonstrated experience in NISPOM Compliance and A&A policies, procedures, and processes for information systems
Implementing and maintaining NISPOM-compliant information systems
Strong writing, presentation and professional communication skills
DoD 8570 IAM LVL I Certified required (Security+ CE, CAP, GISF, or GSLC)
DoD 8570 IAM/IAT LVL III Certified preferred (CASP, CISA, CISM, CISSP)
Citizenship/Clearance Requirement: US Citizen / Secret
Preferred experience with NIST 800-171 CUI
Disclaimer: This position requires successful completion of a background check and employment verification. The successful candidate must not be subject to employment restrictions from a former employer (such as a non-compete) that would prevent the candidate from performing the job responsibilities as described.
SecureStrux is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, national origin, protected veteran status, or disability status.

Working conditions
Location: Several locations open throughout the U.S. This position requires 50-60% travel to customer sites and remote telework.
Physical requirements
The physical demands of the position include sitting, performing computer work for periods of time, and doing repetitive tasks.

About Us

SecureStrux, LLC is a women-owned small business (WOSB) cyber security firm. It provides specialized services in the areas of compliance, vulnerability assessment management, computer network defense, and cyber security strategies. Established in 2008 and with deep roots in the DoD cyber security community, SecureStrux has a dynamic and talented team of industry-certified professionals that serve some of our country’s largest public and private organizations.

SecureStrux is a small, agile company that is able to customize their benefits to meet the individual needs of their employees and their families.

The current benefit package includes the following:
Generous Paid Time Off package.
Employer Paid Life Insurance
Employer Paid Short/Long Term Disability
Employer Paid Vision/Dental
401K – Employer matches up to 4%. Eligible after 3 months of employment and meeting the minimum hour requirements of 250 hours
Group Health Insurance – Several plans to choose from
Education Reimbursement of $3,500/yr. (subject to approval)
Corporate Logo Clothing allowance $250/yr. (subject to approval)