CACI International RMF Specialist / Cyber Security Engineer in Chesapeake, Virginia
CACI is seeking a Risk Management Framework Specialist to support the RMF Assessment and Authorization (A&A) process for all Military Sealift Command Integrated Business Systems (MSC IBS) in Chesapeake, Virginia.
This position will be responsible for providing expert level support in the implementation of the Risk Management Framework (RMF) in accordance with the National Institute of Standards and Technology (NIST) 800-43 rev4 and the Navy RMF Process Guide (RPG).
What You’ll Get to Do:
As an RMF Specialist, assist MSC-IBS perform Cybersecurity Engineering, Information Assurance, Vulnerability analysis, risk remediation, and the implementation of cybersecurity controls within DoD – Systems, supporting current and future MSC IBS Platforms.
Develop Risk Management Framework (RMF) accreditation artifact documentation to include Plan of Action and Milestones (POA&M), Mitigation Strategies, Security Assessment Plan (SAP) and System Security Plan (SSP).
Serve as Cyber Security Engineer with DIACAP and/or RMF experience who has deep expertise in security assessment documentation to support DoD systems and efforts to achieve their Authorization to Operate (ATO).
The scope of this position includes full life-cycle Assessment and Authorization (A&A) management through all 6 Steps of the RMF process in support of the Government ISSM.
Review systems to identify potential security weaknesses and recommend improvements to amend vulnerabilities, implement changes, and document upgrades.
Maintain responsibility for managing cybersecurity risk from an organizational perspective.
Review and assess security documentation to ensure full implementation of the NIST 800-43rev4 baseline control set.
Review and maintain vulnerability scanning tool compliance and reporting to ensure compliance with all applicable directives, such as VRAM reporting, EXORD and IAVMs.
Track and maintain continuous monitoring, STEP 6, authorization to operate (ATO) statuses and authorizations with conditions, of the MSC Integrated Business Systems.
Draft and review cybersecurity policy documents that affect the MSC IBS.
Review and assess Assured Compliance Assessment Solution (ACAS) scans and Security Technical Implementation Guide (STIG) checklists for accuracy and completion.
Validate and document all open findings into approved POA&Ms, with approved mitigations, if needed.
Make determinations if there are risk posture changes when system modifications are requested for authorized systems.
Limited travel may be required.
You’ll Bring these Qualifications:
A Bachelor’s Degree in a technical field with at least two years of experience in Risk Management Framework processes. Experience may be substituted in lieu of a degree.
Cybersecurity Credential at or above one of the following DoD Directive 8570.01 requirements:
IAT Level II (e.g., Security + CE, CCNA Security),
At least 2 years- experience in the development and accreditation of Risk Management Framework-impacted systems or equipment that led to successful attainment of an Authorization to Operate (ATO).
Basic level familiarity with DoD, DoN, and other Cyber Security Regulatory compliance bodies
Experience in the Authorization (A&A) processes, and implementation of the Risk Management Framework (RMF) process from start to finish and experience must include a deep understanding of DoDI 8510.01 implementation in updating, creating and maintaining RMF packages through all process steps
US Citizenship required, US Government Secret security clearance or ability to obtain clearance required
Excellent verbal and written communications skills
Preferred but not required, experience working with the Navy Authorizing Official (NAO) and The Office of the Navy SCA.
CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.