The Defense group at Leidos is seeking a Department of Defense (DoD) Risk Management Framework (RMF) expert to lead various IT security risk management tasks and policy oversight in a fast-paced, dynamic environment for a high-visibility Information System at the Defense Threat Reduction Agency (DTRA) at Ft. Belvoir, VA (near Springfield, VA).
- Running ACAS scans, SCAP scans and manually going through STIG checklists.
- Very strong technical experience with Microsoft.
- Expert in performing a complete security control validation and assessment of a system or network to address known threats and vulnerabilities. The evaluation must identify and consider impacts as well as existing risk mitigation strategies.
- Developing Plan of Action and Milestones (POA&M) based on the assessment results.
- Ensure traceability of all vulnerabilities from raw assessment results to the POA&M.
- Conducting required vulnerability analysis to support mitigation and residual risk determination.
- Assisting with eMASS data entry requirements.
- Supporting the continuous monitoring program as necessary when Information System Continuous Monitoring (ISCM) results will be used to support continuing authorization requirements or ongoing authorizations.
- Requires BS degree and 12 - 15 years of prior relevant experience or Master's with 10 - 13 years of prior relevant experience. May possess a Doctorate in a technical domain.
- 10+ years of IT-related work experience required.
- DoD 8570 IAM Level III compliant certification required (CISSP preferred).
- Expert with RMF accreditation packages.
- Experience in all steps of the RMF process.
- Expert in evaluating security controls and compliance on a variety of hardware and software systems.
- Expert with eMASS.
- Excellent communication skills.
- Ability to work effectively independently as well as within a team environment.
- Experience with assessing ACAS scans and importing into eMASS.
- Demonstrated strong work ethic and the ability and willingness to take on new challenges.
- Experience with writing Security Plans.
- Top-Secret required, Final TS-SCI preferred.
- Reading and interpreting network and dataflow diagrams.
- Experience with PPSM requirements.