The Defense group at Leidos is seeking a Department of Defense (DoD) Risk Management Framework (RMF) expert to lead various IT security risk management tasks and policy oversight in a fast-paced, dynamic environment for a high-visibility Information System at the Defense Threat Reduction Agency (DTRA) in Ft. Belvoir, VA (near Springfield, VA). This candidate would also be in charge of the Assured Compliance Assessment Solution (ACAS) for the Information System.
- Managing the Assured Compliance Assessment Solution (ACAS) for the Information System. This includes administrative functions and user functions.
- Running ACAS scans, SCAP scans and manually going through STIG checklists.
- Expert in complete security control validation and assessment of a system or network to address known threats and vulnerabilities. The evaluation must identify impacts and consider existing risk mitigation strategies.
- Developing Plan of Action and Milestones (POA&M) based on the assessment results.
- Ensuring traceability of all vulnerabilities from raw assessment results to the POA&M.
- Conducting required vulnerability analysis to support mitigation and residual risk determination.
- Assisting with eMASS data entry requirements.
- Supporting the continuous monitoring program as necessary when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
- Requires a BS degree and 8-12 years of prior relevant experience, or a Master's with 6-10 years of prior relevant experience. May possess a Doctorate in a technical domain.
- 7+ years of IT-related work experience required.
- DoD 8570 IAM Level III compliant certification required (CISSP preferred).
- ACAS expert.
- Expert with RMF accreditation packages.
- Experience in all steps of the RMF process.
- Expert in evaluating security controls and compliance on a variety of hardware and software systems.
- Expert with eMASS.
- Excellent communication skills.
- Ability to work effectively both independently and within a team environment.
- Demonstrated strong work ethic and the ability and willingness to take on new challenges.
- Top-Secret required, Final TS-SCI preferred.
- Reading and interpreting network and dataflow diagrams.
- Experience with PPSM requirements.