District of Columbia
RMF A&A Analyst (Job Number:441545)
SAIC is hiring an RMF A&A Analyst to join our Team in Washington, DC
- As part of an Engineering Support Services (ESS) team, the candidate will provide cybersecurity analysis, with a focus on Assessment and Authorization (A&A), under the NAVSEA implementation of the Risk Management Framework (RMF) to the Navy Program Executive Office Integrated Warfare Systems (PEO IWS) Cyber Lead and the PEO IWS Lead Information Systems Security Manager (ISSM).
- The PEO IWS Lead ISSM office as the PEO’s package submitting office (PSO) is the Echelon II reviewer responsible for the endorsement of all Functional Authorizing Official (FAO) Platform Information Technology (PIT) system security authorization packages in the Package Approval Chain (PAC) before they get sent to the Functional Security Control Assessor (FSCA), Functional Authorizing Official Designated Representatives (FAODRs), and Authorizing Official (AO), as part of the NAVSEA RMF A&A process.
- The individual will be responsible for reviewing cybersecurity policy documents from DoD, NIST, Department of Navy (DoN), NAVSEA and PEO IWS.
- The candidate will provide subject matter expertise or work closely with subject matter experts, to ensure that combat systems and combat system elements under the purview of PEO IWS comply with organizational cyber requirements.
Duties and Responsibilities:
- In-depth reviewing of authorization packages and artifacts in the Enterprise Mission Assurance Support Service (eMASS) at RMF Steps 1, 2, and 5.
- Track authorization to operate (ATO) statuses and authorizations with conditions for the 100+ systems within the PEO IWS catalog.
- Complete cyber risk assessments of PEO IWS systems per hull.
- Draft and review cybersecurity policy documents that affect the PEO IWS organization.
- Run and/or support A&A meetings and other working groups.
- Update government SharePoint site with pertinent cybersecurity information and guidance to be available for the PEO IWS organization.
- Analyze network connectivity between systems per platform, e.g., warfare system interface diagrams (WSIDs).
- Review architectural and engineering documents to meet cyber requirements for future combat systems.
- Review Platform IT (PIT) designation requests.
- Review Security Assessment Plans (SAPs), System-Level Continuous Monitoring (SLCM) plan, Implementation plans, and security control tailoring plans at RMF Step 2 Checkpoint package submissions.
- Review ports, protocols, services (PPS), and system authorization boundary diagrams for DoD Information Systems Network (DISN) Connection Process Guide (CPG) compliance.
- Review Security Plan (SP) and SLCM completion, Plan of Actions and Milestones (POA&M), Risk Assessment Report (RAR), and Security Assessment Report (SAR), and verify that all RMF Step 2 conditions have been met for RMF Step 5 Checkpoint submissions.
- Review completed Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists submitted for RMF Step 5 Checkpoint and modification request package submissions.
- Validate all findings from raw scans are documented within the RAR.
- Analyze vulnerabilities in raw scans and determine if documented mitigations are appropriate.
- Ensure all manual reviews are completed in STIG checklists, and that any not applicable (N/A) statements are appropriate.
- Make determinations if there are risk posture changes when system modifications are requested for authorized systems.
- Assess RMF packages against the NAVSEA A&A Analyst checklists, and work with the respective system program offices to resolve all findings until the package is correct for PEO IWS Lead ISSM signature.
- Brief the status of RMF package reviews and recommendations for concurrence to the PEO IWS Lead ISSM.
- Bachelor’s Degree and 2 years of relevant IT experience OR H.S. and 6 years of IT experience
- DoD IT experience, preferably in a former Cybersecurity role or an IT position that had some cybersecurity responsibilities
- Passionate about Cybersecurity
- Cybersecurity knowledge in multiple areas to be able to support the varied work activities of a PEO Cyber Lead office.
- Team Player comfortable interacting with many different people and effective at verbal and written communication, as there will be a lot of face to face meetings, phone, and email interactions with A&A leads, engineers, directors, and the customer
- Be able to multitask and prioritize
- Should enjoy reading and writing and be proficient at it, as most time will be spent reading the work of others in package reviews, reading through cybersecurity documentation, and/or writing reviews and cybersecurity documents. Attention to detail is key as work will have high visibility (GS-14 to SES)
- Able to excel in a fast paced environment
- Hold one of the following foundational cybersecurity certifications at the IAT II Level: Security+ CE, CCNA Security or GSEC, or higher
- Completed training in eMASS; hands-on experience preferred with categorizing information types, tailoring with CNSSI 1253/NIST SP 800-53 rev 4 security controls, managing artifacts, and building or reviewing packages in eMASS
- Previously worked in a role as an Information Systems Security Engineer (ISSE), ISSO (or has supported an Information Systems Security Officer (ISSO)/Information Systems Security Manager (ISSM)), or Security Control Assessor (SCA)-Validator
- Familiarity with NIST SP 800-37 (Risk Management Framework (RMF))
- Experience with RMF Assessment and Authorization (A&A)
- Experience putting together and/or reviewing Ports, Protocols, and Services (PPS)
- Experience reviewing network topology diagrams and system architecture
- Experience reviewing Assured Compliance Assessment Solution (ACAS) scans or other vulnerability scans (performing scans and hands on experience preferred)
- Experience reviewing DISA Security Technical Implementation Guide (STIGs) (applying STIGs and hands on experience preferred)
- Familiarity with Navy combat systems such as SSDS and AEGIS
- Familiarity with USCYBERCOM IAVAs, IAVBs, and IAVTs
- Hands on experience with Windows and Linux operating systems
- Hands on experience with networking at layers 1-3 of the OSI model
- Familiarity with NAVSEA 9400.2-M, VRAM, WISE
- Familiarity and experience with Platform Information Technology (PIT) systems
- Familiarity with DISN CPG compliant diagrams
- Previous work experience in a program office (PO)
Active Secret security clearance with the ability to obtain & maintain a Top Secret Clearance
- The position is open to junior to mid-level candidates.
- Work Location: SAIC facility in DC and Washington Navy Yard
- Schedule: Can offer a flexible schedule, covering core hours 9AM-3PM
SAIC Overview: SAIC is a premier technology integrator providing full life cycle services and solutions in the technical, engineering, intelligence, and enterprise information technology markets. SAIC is Redefining Ingenuity through its deep customer and domain knowledge to enable the delivery of systems engineering and integration offerings for large, complex projects. SAIC's approximately 15,000 employees are driven by integrity and mission focus to serve customers in the U.S. federal government. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $4.5 billion. For more information, visit saic.com. For information on the benefits SAIC offers, see My SAIC Benefits. EOE AA M/F/Vet/Disability
Job Posting: Oct 31, 2018, 2:34:54 PM
Primary Location: United States-DC-WASHINGTON
Clearance Level Must Currently Possess: Secret
Clearance Level Must Be Able to Obtain: Secret
Potential for Teleworking: No
Travel: Yes, 10% of the time
Shift: Day Job