IS/IT SME Level V -RMF/IA

Requirements

• Serve as the primary Subject Matter Expert (SME) for all aspects of the Assessment and Authorization process in accordance with the DoD Risk Management Framework (RMF) model.
• Lead the effort utilizing Enterprise Mission Assurance Support Service (eMASS) to document activities, including implementation of all applicable security controls as identified via information system security categorization in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and Committee on National Security Systems Instructions (CNSSI) 1253.
• Test and apply security controls based on security categorization, the application of overlays (privacy, classified, intel, etc.) and security control tailoring (AI, NOFORN, etc.).
• Collaboration with team leads, system owners, developers, and other key stakeholders to ensure security requirements are integrated throughout system design and implementation.
• Conduct active and passive reconnaissance of data, with the ability to assess and author Plans of Milestones and Actions (POA&Ms) containing accurate and verifiable mitigation statements, milestone tracking, and applying to the most relevant security control.
• Development of comprehensive required A&A documentation, including System Security Plan (SSP), Security Assessment Plan (SAP), Security Assessment Reports (SARs), etc.
• Adherence to the eMASS scheduled tasking within the accreditation cycle, including Quarterly Independent Verification and Validation (IV&V), quarterly STIG checks, Annual Security Review (ASR), monthly POA&M updates, and resubmission for ATO, ATC, IATC and IATT as applicable.
• Maintenance of DISA circuit connections (CCSDs), inheritance from accredited systems and cloud service providers, and the workflow schedule on accreditations.

Benefits

• Fully vested 401(k) matching program
• Coverage of family medical deductibles
• Spot bonuses
• Educational assistance