ChantillyRecruiter Since 2001
the smart solution for Chantilly jobs

Cyber Risk Management Framework (RMF) Subject Matter Expert

Company: Perspecta
Location: Chantilly
Posted on: April 27, 2021

Job Description:

Business Group Highlights

Intelligence

The Intelligence group provides high-end systems engineering and integration products and services, data analytics and software development to national and military intelligence customers. Serving federal agencies and the Intelligence Community for more than 50 years, the Intelligence group helps our clients meet their mission needs by providing trusted advisors, leading-edge technologies, and innovative solutions.


Responsibilities

The Cyber/Risk Management Framework (RMF) SME leads and manages all aspects the cyber security systems engineering of a space/ground acquisition program including the Risk Management Framework (RMF), the System Security Plan, and implementation of the Plans of Action and Milestones (POA&M) process. The leads serves as the technical subject matter expert for all security architecture design and cyber resiliency.
• Provides analytical and technical security recommendations to the customer
• Lead for the identification of projects’ security requirements
• Provides security recommendations for systems using Cloud services
• Participates in network design reviews and security testing for the customer’s networks
• Coordinates with system development teams to ensure network security standards are being followed and implemented correctly
• Identifies additional security requirements, based on RMF or as the result of security issues that put the customer’s systems at risk
• Reviews and analyzes new systems (hardware and software) and provides recommendations concerning their security
• Reviews Security Requirements Traceability Matrixes (SRTMs), System Security Plans (SSPs) and other IA documentation for completeness
• Develop security controls and derived requirements
• Develop and coordinate RMF documentation and supporting artifacts for the assessment and authorization (A&A) of the system.
• Develop and implement a Continuous Monitoring (ConMon) Strategy
• Support the development of a cyber-threat model that describes the types of threats
• Lead the development and implementation of a Plan of Actions and Milestones (POA&M) process
• Support the development of a system security architecture in the form of diagrams and descriptive
The Cyber/Risk Management Framework (RMF) SME provides feedback to design engineers and evaluates end-to-end systems and systems-oriented products through their entire life cycle. Working as expert, conducts research and evaluates technical performance of software products and overall segments and systems. Ensures products and systems comply with requirements and government information assurance and cyber security standards and practices through formal verification methods. Verifies/validates systems with specific emphasis on network operations and cyber warfare tactics, techniques, and procedures focused on the threat to information networks. Assesses performance using evaluation criteria and technical performance measures. Prepares assessments and cyber threat profiles of current and planned products based on sophisticated testing, research, and analysis. Participates in design reviews of components (hardware and software) to ensure applicability to the current system and traceability of requirements. Reviews test plans/procedures and ensures they verify/validate the requirements. Develops and maintains analytical procedures to meet changing requirements. Produces high-quality papers, presentations, recommendations, and findings for senior US government intelligence and operations officials.


Qualifications

Requires 12 to 15 years with BS/BA or 10 to 13 years with MS/MA or 7 to 9 years with Ph.D.

Desired qualifications include:

• Current U.S. Government Top Secret/SCI with Poly
• An Advanced Cyber Certification (DoD 8570/8140 IAT Level III)
• A certification in one of the below Cloud certifications:
• CompTIA Secure Cloud Professional (CSCP)
• CompTIA Cloud+ CE
• AWS certification (Associate or Professional in Solutions Architect, Developer, DevOps Engineer, or Security Advanced Networking)
• Certified Cloud Security Professional (CCSP)
• Cloud Certified Professional
• Google Certified Professional Cloud Architect
• Certificate of Cloud Security Knowledge
• VMWare Certified Advanced Professional – Cloud Infrastructure Administration
• Microsoft Specialist: Implementing Microsoft Azure Infrastructure Solutions
• Microsoft Specialist Architecting Microsoft Azure Solutions
• At least 3 year of demonstrated experience providing security engineering to cloud capabilities and solutions in AWS, Azure or other mainstream CSP
• Excellent communications skills – Verbal and Non-Verbal


About Perspecta

What matters to our nation, is what matters to us. At Perspecta, everything we do, from conducting innovative research to cultivating strong relationships, supports one imperative: ensuring that your work succeeds.  Our company was formed to bring a broad array of capabilities to all parts of the public sector—from investigative services and IT strategy to systems work and next-generation engineering.
 
Our promise is simple: never stop solving our nation’s most complex challenges. And with a workforce of approximately 14,000, more than 48 percent of which is cleared, we have been trusted to do just that, as a partner of choice across the entire sector.
 
Perspecta is an AA/EEO Employer - All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.

 

As a government contractor, Perspecta abides by the following provision

 

Pay Transparency Nondiscrimination Provision

 

The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.  However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of the other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c).

Keywords: Perspecta, Chantilly , Cyber Risk Management Framework (RMF) Subject Matter Expert, Other , Chantilly, Virginia

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Virginia jobs by following @recnetVA on Twitter!

Chantilly RSS job feeds