
RMF Cybersecurity Analysts

Dark Wolf Solutions, LLC, Herndon, VA, United States


Dark Wolf is seeking RMF Cybersecurity Analysts to specialize in the roles described below, including Information System Security Officers (ISSOs), Vulnerability Managers, and POA&M Managers, and to join a collaborative team that develops, manages, and maintains the security posture of information systems with a focus on Assessment and Authorization (A&A), continuous monitoring, and compliance with NIST & RMF. As an ISSO, POA&M Manager, and/or Vulnerability Manager, you will support your team and customer through authorization process planning, execution, and deployment, ensuring high standards of security and compliance. This position will be based out of NoVA with hybrid/remote opportunity.

Key Responsibilities

Implementing cybersecurity best practices and identifying opportunities to improve efficiency and effectiveness

Supporting cybersecurity activities through all aspects of the systems’ life cycle, from planning and development to deployment, while ensuring proper hardening and security analysis are enforced to protect the Confidentiality, Integrity, and Availability of the environment

Supporting the Risk Management Framework (RMF) lifecycle

ISSO Specific Requirements

Creating, managing, and maintaining A&A packages

Preparing system documentation to include System Security Plans (SSPs), Security Control Traceability Matrices (SCTMs), Plans of Action and Milestones (POA&Ms), and security artifacts

Managing and implementing Continuous Monitoring activities, consisting of periodic reviews of controls, audits, vulnerability scans, and penetration test reports

Coordinating proper security control implementation with system administrators and engineers

Supporting the entry and maintenance of data into information system security systems of record, such as eMASS or Xacta, as necessary

Vulnerability Manager Specific Requirements

Operating scanning tools to detect vulnerabilities, misconfigurations, and outdated software

Analyzing scan results with the ability to discern between system risks and false positives

Coordinating vulnerability management

POA&M Manager Specific Requirements

Compiling system vulnerabilities to include identifying remediation and mitigation requirements with the ability to provide fix actions and compensating controls

Tracking deadlines, SLAs, and ongoing statuses of efforts, to include remediation and closures

Performing POA&M maintenance

Verifying validity and completion of remediation actions, ensuring proper documentation and artifacts

Generating reports for leadership and auditors

Required Qualifications

Bachelor’s Degree in Computer Science or related field

3+ years of relevant Cyber experience

Experience as an RMF Engineer, ISSO, Information Assurance Engineer, Vulnerability Manager, POA&M Manager or like specialty

Hands-on experience with the tools associated with the role

Experience with NIST 800-53 and CNSSI 1253

Experience with risk management policies/procedures, to include DODI 8510.01

Ability to use prior experience and knowledge to address new situations; especially during interactions with clients

Ability to communicate on technical subjects using clear, concise, non-technical language to include strong written communications, ability to provide written feedback on documents, and ability to prepare briefings

2+ years of demonstrated knowledge and technical skills in: network architecture, configuration of a local area network (LAN), and securing operating systems

5+ years of experience with Microsoft Windows Server, Windows 10, Windows 11, Microsoft Office Suite (Word, Excel, PowerPoint), Apple macOS, Unix/Linux systems, and virtualization software (VMware, Hyper-V, VirtualBox)

Experience using vulnerability and compliance assessment tools such as Nessus, SCAP, or App Detective

At least one (1) of the following cyber security certifications: Security+ CE, SSCP, CAP, CISM, CASP, CISSP, GSEC, GICSP, GSLC, CEH, CDNA, CSSLP

US citizenship and a Secret security clearance

Desired Qualifications

Two (2) or more of the following certifications: Security+ CE, SSCP, CAP, CISM, CASP, CISSP, GSEC, GICSP, GSLC, CEH, CDNA, CSSLP

Demonstrated experience giving technical guidance to system administrators

Three (3) or more years of experience with the IC Community’s/Sponsor’s A&A process, ICD 503, and NIST Risk Management

Any additional certifications relevant to system and cyber security not previously listed

Knowledge of the Air Force A&A process and requirements

Knowledge of SIEM tools such as Splunk/Elastic

Knowledge of the DoD DevSecOps Fundamentals Playbook

Experience assessing technical environments and translating implemented security controls into clear NIST SP 800-53 control narratives and supporting Authorization to Operate (ATO) documentation

Cloud Platform familiarity with at least one service offering from AWS, Azure, or Google GCP

ACAS training

The salary range for this position is estimated to be between $100,000.00 and $150,000.00, commensurate with experience and technical skill set.

In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification form upon hire.

We are strictly looking for direct, full-time W2 employees. We do not engage with third-party staffing agencies, C2C, or 1099 independent contractors for this role.

We are proud to be an EEO/AA employer Minorities/Women/Veterans/Disabled and other protected categories.
