Columbia, MD/ Northern Virginia
Sealing Technologies is seeking an Risk Management Framework Cyber Analyst responsible for the creation, consultation, and ongoing assessment and authorization (A&A) documentation in compliance with Federal Cybersecurity policies and guidelines in support of the Federal Information Security Modernization Act (FISMA), OMB Circular A-130, and NIST Special Publications (SP) such as 800-37, 800-53 and 800-59 to support security control implementation and development for a DoD Customer. The RMF Cyber Analyst will evaluate governance, risk and compliance efforts and coordinate program security documentation for various Federal customers and is an industry recognized thought leader that has mastered multiple NIST/RMF practices. The individual must be comfortable working with as well as presenting information to a wide range of stakeholders and functional teams.
*Work will be performed both onsite in Northern Virginia at the DoD customer location and at our Sealing Tech HQ in Columbia, MD. A few days a week of remote work may be possible under certain scenarios*
Position involves the following tasks:
- Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls.
- Assess solutions' architectural designs for compliance with NIST 800-53 and DOD related policies for on premise and cloud-based solutions through FedRAMP A&A; prepare assessment documentation to support steps 0 – 3 of the RMF.
- Develop security artifacts to support the Cybersecurity program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Policy and procedure document(s) to support the “dash-1” controls in the NIST 800-53 catalog, Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures and other documents as needed.
- Support systems through all steps of RMF to support the Assessment and Authorization process through risk evaluation and recommendations for appropriate risk mitigations where able.
- Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.
- Bachelor’s degree in Computer Science or a related form of engineering training.
- Current DoD TS security clearance with ability to obtain an SCI.
- 6-8 years of Information Assurance/Cyber experience.
- 6-8 years of Federal and/or DoD experience.
- DoD 8570 level II IAT Level III (example: CISSP or equivalent).
- Strong knowledge of Risk Management Framework (RMF) principles and implementation, including the following steps: categorizing information systems, selecting security controls, implementing security controls, assessing security controls, authorizing information systems, monitoring security controls, and responding to incidents.
- Proven experience in supporting Authorization to Operate (ATO) packages for both NIPR (Non-Classified Internet Protocol Router Network) and SIPR (Secret Internet Protocol Router) environments.
- US Citizenship
- Familiarity with various NIST SPs that directly support cybersecurity activities.
- Familiarity working with FIPS-199 and FIPS-200 to support data type / security categorization analysis.
- Familiarity with briefing System Owners and similar personnel on A&A taskings and duties.
- Familiarity reviewing, drafting, developing and documenting various action and response plans (Incident Response, Contingency Plan, Configuration Management Plan, etc).
- Familiarity in supporting Steps 1 – 3 of the RMF (Categorization, Control Selection, Control Implementation).
- Comfortable with facing technical and process / procedural related questions specific to the RMF.
- Identify applicable STIGs for each system or area.
- Report STIG compliance.
- Aid in the hands-on application of STIGs as needed on Linux and Kubernetes.
- Familiarity with NSAs commercial solutions for classified (CSfC) Program.
- Familiarity with Defense Information Systems Agency (DISA) Secure Technical Implementation Guidelines (STIGs).
- Experience with remediating identified Information Assurance Vulnerability Alerts (IAVAs) within DoD systems.
- Strong organizational skills and excellent attention to details.
- Abilities to work independently and to manage time effectively.
- Effective communication skills with an appreciation for the appropriate ways to interact with managers, coworkers, customers, and vendors.
**This role has an internal job level of IV**
Working is no longer solely about the job. Here at Sealing Tech, we understand your happiness and health is vital to our success. We are innovative in our approach to cultivating balanced work environments and offer a plethora of added perks. Sealing Tech offers competitive compensation packages, health, dental, and vision insurance, retirement contributions, continuing education budgets, tuition reimbursement, flexible schedules, and generous vacation policies. Other perks include monthly catered meals, a stocked kitchen, and company retreats and gatherings. Plus, flexible work arrangements, pet friendly offices and quarterly merit bonuses for qualified employees. We are looking for a new member to join our team, take on challenges, be innovative and willing to grow with us. BUILD, SECURE, SOLVE