Senior RMF Analyst

Responsibilities

PeopleTec is seeking a Senior RMF Analyst for an opportunty to support our Huntsville, AL location. 

PeopleTec is a company that hires and develops technology talent and puts them to work on client projects across the United States.  We specialize in full stack development, Cloud, DevSecOps, Cybersecurity, Artificial Intelligence (AI), Business Intelligence (BI), Data Science, Machine Learning (ML) related initiatives, both in the federal and commercial space. We are currently seeking an RMF/Cybersecurity Engineer to support our Huntsville / Redstone Arsenal location.

The RMF/Cybersecurity Engineer serves as the person responsible for managing system authorizations throughout the entire Risk Management Framework (RMF).

Responsibilities

• Perform as ISSO for a S&T program, responsible for all security requirements, documentation, architecture, and A&A support services
• Provide oversight over multiple RMF initiatives across multiple projects
• Manage and lead junior RMF analysts
• Excellent communication skills required to brief senior leadership on system authorization status, issues, and corrective actions/plans for systems undergoing RMF authorization
• Good problem-solving skills to address unforeseen issues and develop resolution strategies
• Responsible for getting a system through IATT (ATO w/ conditions) starting from initial system characterization
• Understand the RMF process and work with the ISSM to get the system accredited
• Ensure information systems are properly registered within the eMASS
• ASS or XACTA Information Assurance Management tool (or most current tool), as appropriate, to document the RMF process and to ensure accountability for all related Body of Evidence (BoE) documents
• Collaborate with the engineering team for design and implementation to ensure that these RMF subsystems comply with The Federal Information Security Management Act (FISMA) provisions and DoD and Army Polices and Regulations for operational readiness
• Prepare all documentation that are required by the individual network Authorization Official (AO) for Authority to Operate (ATO) to their networks
• Conduct the security test and evaluation (ST&E) activities required and document results in the appropriate reports
• Prepare and review the required A&A documentation in accordance with the DoD, Agency, and Army policies regulations, publications, instructions, and procedures
• Provide engineering and technical assistance to support vulnerability scans, penetration testing, vulnerability analysis, scan analysis, and security analysis
• Perform information assurance and cybersecurity monitoring and review reporting to ensure the compliance to include the development and maintenance of POA&M documents in accordance with the RMF A&A continuous monitoring process
• Provide on-site accreditation testing support at CONUS and OCONUS locations as directed by the Government
• Completing system categorization process
• Developing the System Security Plan (SSP)
• Developing supporting artifact documentation
• Hands on experience running Assured Compliance Assessment Solution (ACAS) vulnerability scans, including raw scan data export and importing into eMASS
• Hands on experience completing Security Technical Implementation Guide (STIG) checklists using the DISA STIG Viewer tools.

Estimated Time to Hire:

8/2024

Qualifications

Required Skills/Experience:

• 3-5 years' experience managing system authorizations throughout the entire Risk Management Framework (RMF) process
• Hands on experience running SCAP Compliance Checker (SCC) benchmark scans
• Additional years of experience can be used in lieu of degree
• Demonstrated experience, and familiarity with DoD and Army Cybersecurity Polices and Regulations, and Certification and Accreditation (C&A) process to include the provisions of ICD 503, and the planning and execution of Security Test and Evaluation (STE) and Cybersecurity Test and Evaluation (CTE) events
• Travel: 30 %
• Must be a U.S. Citizen
• An active DoD Secret clearance is required to perform this work. Candidates are required to have an active Secret clearance upon hire, and the ability to maintain this level of clearance during their employment.

Education Requirements:

• Bachelor's degree in a cyber or IT related field
• DoD 8570 IAM II Certified

Desired Skills:

• DOT&E Acquisition RMF Experience

Estimated Time to Hire:

8/2024

Overview

People First. Technology Always.

PeopleTec, Inc. is an employee-owned small business founded in Huntsville, AL that provides exceptional customer support by employing and retaining a highly skilled workforce.

Culture: The name "PeopleTec" was deliberately chosen to remind us of our core value system - our people. Our company's foundation was built on placing our employees and customers first. With an award-winning atmosphere, we have matured into a company that boasts the best and brightest across multiple technical fields.

Career: At PeopleTec, we value your long-term goals. Whether it's through our continuing-education opportunities, our robust training programs, or our "People First" benefits package, PeopleTec truly believes that our best investments are our people.

Come Experience It.

#cjpost #dpost

EEO Statement

PeopleTec, Inc. is an Equal Employment Opportunity employer and provides reasonable accommodation for qualified individuals with disabilities and disabled veterans in its job application procedures. If you have any difficulty using our online system and you need an accommodation due to a disability, you may use the following email address, applicationhelp@peopletec.com and/or phone number (256.319.3800) to contact us about your interest in employment with PeopleTec, Inc.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, genetic information, citizenship, ancestry, marital status, protected veteran status, disability status or any other status protected by federal, state, or local law. PeopleTec, Inc. participates in E-Verify.