Delaware Nation Industries (DNI) is a prime contractor providing manpower and support of IT Operations and Maintenance within a Federal Agency. Our team must ensure the Agency's staff have secure and reliable access to the enterprise. We are currently interviewing for an experienced Risk Management Framework (RMF) Analyst to join our Cyber Security team.
Responsibilities:
- Tasks include conducting, supporting, and coordinating network intrusion detection events and analysis
- Using the DoD RMF in conjunction with other DoD guidance and directives, provide efficient and effective system Certification and Accreditation (C&A) support for IT systems and applications.
- These efforts include utilizing the Enterprise Mission Assurance Support Service (eMASS) to record RMF activities such as control implementation as identified in information system security categorization in accordance with NIST SP 800-53 and CNSSI 1253 in accordance with DoDI 8510.01 (RMF for DoD Information Technology). The number of families and controls will vary depending on the security categorization (C-I-A), the application of overlays and any security control tailoring.
- Select, implement, and document appropriate security controls following the Risk Management Framework (RMF) to obtain and maintain Authorization to Operate (ATO) status for the network and its major applications.
- Support the Cybersecurity organization, as required, to identify, analyze, define, develop, coordinate, implement and audit the security policies, procedures, and processes for the Agency's systems and infrastructure
- Evaluate, document, and report IT systems security posture and configuration for Agency's systems risk analysis
- Perform vulnerability management and reporting for Agency's systems and compliance with DoD Information Assurance Vulnerability Management (IAVM) policy
- Conduct wireless assessments of facilities to identify and evaluate IEEE 802.11 Wireless Access Points (WAPs) that exist within Agency's physical office location(s) and work with POC to determine if any rogue access points are in use
- Perform Web Application Assessments that identify web application specific vulnerabilities and assesses the security posture of selected web applications against NIST 800-53 standards, the Open Web Application Security Project (OWASP) Top Ten common vulnerabilities and DISA's Application Development STIG
- Perform Operating System Security Assessments to assess the configuration of select host Operating Systems (OS's) against standardized configuration baselines (DoD Secure Host Baseline (SHB) and the United States Government Configuration Baselines (USGCB)
- Conduct Database Assessments to determine the configuration of selected databases against configuration baselines to identify potential misconfigurations and/or database vulnerabilities
- Ensure that DoD Security Technical Implementation Guides (STIG) are in all applicable areas within the Agency's infrastructure and applications
- Support Cybersecurity Operations, as required, to develop monitoring, response and handling procedures for intrusion and malicious code incidents
Qualifications:
- Active Top Secret Clearance
- Requires a Bachelor's Degree plus 6 of Information Technology experience with at least 3 years in RMF Cyber Security.
- Requires DoD IAM Level 2 certification
- Strong knowledge of on-premises cybersecurity in a Windows computing and Cisco networking environment
- Hands on experience with ACAS, SCAP, Webinspect and Appdetective scans
- Hands on experience preforming STIG reviews
- Expert knowledge of ACAS scanning, maintaining Cyber servers, (e.g. patching, technical troubleshooting), IAVM management, and Sourcefire Intrusion Detection System.