[Remote] Cybersecurity RMF Analyst
Note: This is a remote job and is open to candidates in the USA. KBR is a trusted partner delivering complex technical solutions and expert support to the U.S. Department of War. They are seeking a Senior Cybersecurity RMF Analyst to assess and document cloud-based security for mission-critical systems, leveraging expertise in RMF and compliance frameworks.
Responsibilities
- Assess cybersecurity standards and practices of cloud-based systems against FedRAMP, DoW, and DHA requirements
- Document cybersecurity posture in support of the RMF process
- Facilitate movement of multiple information systems through the RMF process and maintain accreditations through continuous monitoring and annual reviews
- Provide solutions to complex problems that require the regular use of expertise and creativity. Problems are broadly defined and solutions require the continuation of specialized theories and knowledge
- Serve as Subject Matter Expert (SME) on one or more technologies/skills related to A&A activities and documentation
- Participate in sessions aimed at identifying, planning, and executing strategies in response to emerging cybersecurity/RMF policies
- Maintain awareness and knowledge of evolving security and risk management standards and communicate and apply relevant changes to existing processes
- Develop, update, and/or review RMF documentation to include IV&V results, Risk Assessment Reports, and POA&M development
- Develop, update, and/or review cybersecurity documentation for the use of cloud native services such as those offered by Microsoft, Amazon, Oracle, and Google
- Assess system compliance against NIST, DoW, and DHA security requirements to include the NIST 800-53 controls, and DISA Security Technical Implementation Guides (STIGs) and Security Requirements Guides (SRGs)
- Produce evidence as necessary to support compliance status of NIST and DoW
- Review and assess authorization boundary diagrams, service architecture diagrams, data flow diagrams, hardware and software inventories
- Analyze vulnerability scans of information systems
- Excellent customer service and organization skills
- Excellent oral and written communication skills
Skills
- Bachelor's Degree and ten (10) years of experience with Cybersecurity / Information Technology, or eighteen (18) years of hands-on experience with Cybersecurity / Information Technology in lieu of degree
- Active DoW Secret security clearance
- DoW 8570-compliant certification
- Demonstrated experience assessing, managing, engineering, or architecting cloud technologies from major vendors such as Microsoft, Amazon, or Google
- A cloud-related certification such as Google Certified Professional Cloud Architect, Microsoft Azure Fundamentals, AWS Certified SysOps Administrator, or ServiceNow Certified Administrator
- Experience with Risk Management Framework
- Experience in RMF package review, including POA&Ms (mitigation statements), Security Plans, Risk Assessments, architecture diagrams, hardware/software inventories, and system/site policies, procedures, and processes
- Experience working within DoW
- Experience in assessing systems using NIST 800-53 and/or DISA STIGs and SRGs
- Excellent customer service and organization skills
- Excellent oral and written communication skills
- Experience working with DoW or DoN RMF processes or IT systems
- Experience with FedRAMP
- Familiarity and experience with eMASS
- Technical experience with network, database, containers, AI, or DevOps technologies
Benefits
- 401K plan with company match
- Medical
- Dental
- Vision
- Life insurance
- AD&D
- Flexible spending account
- Disability
- Paid time off
- Flexible work schedule
- Professional training and development
Company Overview