Cybersecurity/RMF Analyst

Falconwood Headquarters
Full-time
Remote
United States

Overview

Falconwood is a woman-owned / veteran-owned company providing consultation and programmatic support to Department of Defense (DoD) Information Technology (IT) initiatives and programs. We provide expert advice and consultation on a diverse range of IT subjects, focusing on acquisition, cybersecurity, engineering, logistics, and process development.

We have an immediate opening for a Cybersecurity RMF Analyst to support the Navy Enterprise Resource Planning (ERP) program. The successful candidate will perform the complete DoD RMF Assessment and Authorization (A&A) process, including system categorization, security control baseline selection and tailoring, and security control implementation and assessment. They will also perform continuous RMF monitoring, including annual control assessments, POA&M monitoring and updates, creation and updating of security documentation, and development of mitigations for controls that are not fully compliant. This position is based at the Washington Navy Yard and requires a Secret clearance.

Responsibilities

  • Assess system effectiveness and compliance against National Institute of Standards and Technology (NIST) and DoD security requirements, including the NIST SP 800-53A controls and the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs).
  • Perform DISA STIG implementation assessments on IT platforms and applications.
  • Research vulnerabilities from various sources for impact, perform risk assessments of those vulnerabilities, and develop effective written mitigations to reduce risk.
  • Produce evidence to support compliance status of NIST and DoD security requirements in an Amazon Web Services (AWS) environment.
  • Develop, update, and review RMF documentation to include System Security Plans, Implementation Plans, Plans of Action and Milestones (POA&Ms), and Risk Assessment Reports and interact with these documents in the Government eMASS system.
  • Complete Navy RMF processes as identified in the RMF Process Guide (RPG) and Security Control Assessor (SCA) Risk Assessment Guide (RAG).
  • Perform continuous monitoring activities.
  • Comply with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) Instructions.
  • Use automated RMF A&A tools, such as Enterprise Mission Assurance Support Service (eMASS), to complete and document DoD-compliant RMF A&A activities.
  • Oversee efforts to enhance security and reliability to ensure data shared with partner systems is properly protected.
  • Provide weekly status reports and perform other related duties as assigned.

Qualifications

  • Must have an Active SECRET DoD Security Clearance.
  • Must have a Bachelor’s Degree.
  • Must have a minimum of three (3) to five (5) years’ experience in Information Security / Information Assurance / Cybersecurity analysis supporting systems, networks, applications, and cross-domain solutions.
  • Must have in-depth knowledge of, and have successfully implemented, NIST, DoD, and Navy cybersecurity policies, guidance, and standards (e.g., DoDI 8510.01, FIPS-199, FIPS-200, NIST SP 800-37, NIST SP 800-53, NIST SP 800-53A).
  • Must have experience with RMF/A&A and cybersecurity policy development, specifically RMF Steps 4 (implement), 5 (assess), and 7 (monitor).
  • Must perform independently and/or as part of a team to move the mission forward.
  • Must communicate effectively in writing and verbally.
  • Must be a self-starter and take ownership, responsibility, and initiative for the successful and timely completion of all tasks and areas assigned.
  • Must meet SECNAV M-5239.2 Cybersecurity Workforce Credential requirements for IAT or IAM Level III with one of the following certifications: Security+ ce, Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), CompTIA Advanced Security Practitioner (CASP+), or GIAC Security Leadership Certification (GSLC).
  • Must balance multiple projects to meet tight deadlines and maintain customer satisfaction.
  • Experience using automated RMF Assessment and Authorization (A&A) tools, such as eMASS, to complete and document DoD-compliant RMF A&A activities.
  • Preferred experience communicating, briefing, and working with senior level government and / or industry leadership.
  • Preferred experience with large System Analysis Program (SAP) Enterprise Resource Planning (ERP) system cybersecurity.
  • No travel anticipated.

Pay Range

125K - 135K