Risk Management Framework Subject Matter Expert

Clearance Level
Cyber Security
Falls Church, Virginia
Arlington, Virginia

REQ#: RQ50152

Travel Required: None
Requisition Type: Regular

Job Description Summary:

General Dynamics Information Technology is seeking a Risk Management Framework engineer as part of our Cybersecurity Compliance team on the EOSS program in Arlington, Virginia. The candidate will serve as the RMF Subject Matter Expert (SME). The position includes being an Information Assurance Analyst leading and managing DoD Risk Management Framework (RMF) processes. The candidate will need to be intimately familiar with DISA STIGs, FISMA compliance requirements, and the NIST 800 series.

5-10 years of cybersecurity experience, with 5-7 years of proficiency in RMF

Coordinate and review security documentation such as Security Plans (SSP), POA&Ms, and Implementation Plans, and provide strategic recommendations to ISSM and ISOs

Experience working on large-scale and ad hoc projects, supporting enterprise-level activities

Experience working in an enterprise environment supporting on-premise applications and enterprise service for cloud extension/deployment

Develop and manage the POA&M tracker and Risk-Based Decisions (RBDs)/Waivers for deficiencies

Perform self-assessments of NIST SP 800-53 Rev4 controls and document test results in eMASS

Experience using and navigating the eMASS tool to manage the Assessment & Authorization (A&A) process

Assist Organizational ISSM (O.ISSM) and Program ISSM (P.ISSM) in meeting their duties such as reviewing A&A documentation

Ensure security-related concerns and incidents are reported to ISSMs and managed in a timely manner

Provide assistance to ISOs with the registration of security interfaces in PPSM

Must possess DOD 8570 IAT Level III certification, such as CISSP or CASP

ITIL Foundations is also required within the first 90 days of employment

Prepare security reports to regulatory agencies

Proficiency in cloud computing infrastructures, platforms, and services to support the deployment of IaaS or PaaS applications

Proficiency in performing risk-based reviews of Security Authorization Package

Provide guidance in developing, reviewing, and maintaining SSPs, Scan Results, and test result artifacts

Review NIST SP 800 publications for managing security controls

Support the creation or modification of FISMA compliance documentation such as Contingency Plans, Incident Response Plans, and Access Control Plans

Evaluate system risk with respect to operation at the network, system, and application level

Evaluate vulnerability assessment results and STIG results and manage findings in eMASS

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.