RMF Analyst

SAIC is seeking qualified applicants for RMF Analyst to provide Risk Management Framework (RMF) in support of the North American Aerospace Defense Command/United States Northern Command (N&NC) Information Technology (IT) Enterprise Services (NITES) contract, with primary work onsite in Colorado Springs.

The candidate selected for this position will be responsible for the following:

• Supporting the Risk Management Framework (RMF) process for the N&NC Enterprise by maintaining system registration and records within eMASS.
• Ensuring cybersecurity standards are consistently met to maintain a Cyber Operational Readiness Assessment (CORA) ready status.
• Managing continuous Cyber Security posture of enterprise systems and identify mitigations to meet DoDD 8500.01, DoDI 8510.01, DoDD 8140.01, and NIST SP800-53.
• Analyzing scans from ACAS, SCAP, and other approved tools to determine security posture of systems to develop/maintain Authority to Operate (ATO) for systems and enclaves.
• Determining system categorization in accordance with CNSSI 1253 in areas of confidentiality, integrity, and availability as information types and system interconnections change.
• Managing the development and maintenance of system security plans, ensuring proper Security Technical Implementation Guides (STIGs) are applied for each system and enclave.
• Ensuring all findings are properly documented in the Plan of Action and Milestones (POA&M) on an on-going basis.
• Creating and refining correct policies, procedures, and artifacts necessary to ensure controls are met.

Required:

• Certification required per DoDD 8140.03, Intermediate Level (Security+ or equivalent).
• BS or equivalent work experience in the Information Assurance / Cybersecurity field.
• 5+ years of overall IT security experience.
• 2+ years of experience as an ISSO for DoD systems.
• Direct experience in RMF artifacts and eMASS tracking of records.
• Experience creating, tracking, and completion of Plans of Action and Milestones (POA&Ms) for resolving security control deficiencies.
• TS/SCI security clearance.
• Provide status updates to System Owners and leadership.

Desired:

• Ability to work in a team focused, dynamic environment.
• Experience using STIG Viewer.
• Familiar with Assess Only Records IAW 8510.01.
• Exposure/Prior Experience participating in Change Advisory Boards.