RMF Assessment & Authorization (A & A) Validator


This is a Full-time position in Charleston, SC posted May 1, 2021.

Title: RMF Assessment & Authorization (A & A) Validator

KBR is currently seeking an RMF Assessment & Authorization (A & A) Validator to support an active government contract.

This individual's primary responsibility will be to lead efforts and perform tasks related to A & A within the Defense Health Agency (DHA) to ensure assigned DoD systems/Enclaves/Networks can obtain and maintain Authorization to Operate (ATO) and Authorization to Connect (ATC) certifications.

This individual will plan, coordinate and lead teams to conduct risk and vulnerability assessments of information systems to identify vulnerabilities, risks, and security requirements in accordance with DHA's A & A process.

This individual will be responsible for supporting DHA Security Control Assessor Representatives (SCAR), Security Control Assessor (SCA) and other DHA cybersecurity leadership in the execution and enforcement of DHA's cybersecurity and Risk Management Framework (RMF) Process.

Secondary responsibility will be the assessment of CCI, STIGs, and vulnerability scans of target systems identified in the associated system's Security Assessment Plan (SAP).

LOCATION: Preference for candidates local to the Charleston, SC area.

However, we will consider other locations depending on the candidate.

Responsibilities include:
– RMF Process Package and Process Management
– Support and execute DHA RMF Independent Validation & Verification (IV & V) and Validator responsibilities and deliverables defined by the DHA RMF workflow, to include:
– Review of systems architecture diagrams, hardware/software lists, accreditation boundary documentation, security plans and eMASS records
– Develop detailed Security Assessment Plans
– Support Development of IV & V cost estimates
– Execute reviews for and provide feedback to Program Offices within eMASS for Security Plan approvals, Authorization Packages, Risk Assessments and Annual Reviews
– Coordination among various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), SCA, SCAR, Authorization Officials (and representatives), program managers, vendors, etc., necessary to properly plan and coordinate IV & V and testing requirements for program office authorization efforts

Position Summary:
– Knowledge and experience identifying, assessing, and documenting compliance against applicable DoD IA security controls (technical, management, operational), and DISA Security Technical Implementation Guides (STIGs)
– Familiarity with the use of vulnerability scanning and assessment tools (e.g., ACAS/Nessus/Tanium) necessary to identify and document compliance
– Knowledge of and ability to use applicable compliance and accreditation reporting environments (e.g., eMASS, CMRS) to validate compliance and accuracy of a program's RMF package
– Knowledge of NIST SP 800-53 and 800-37, CNSSI 1254, and other DoD Risk Management policies
– Experience with Steps 1-5 of the RMF process
– IV & V Execution / Assessment:
– Run automated scans (SCAP/ACAS/Nessus) along with supplemental scripts
– Perform and assess manual DISA STIG checks
– Properly annotate discrepancies for Failed STIG checks and produce justifiable N/A statements
– Ability to troubleshoot technical issues on an ad hoc basis

Basic Qualifications and Skills Requirements:
– This position requires a Secret Security clearance. U.S. citizenship is required
– Must be willing and able to travel between 25 – 50%
– Bachelor’s Degree and 6+ years of technical experience or Twelve (12+) years of technical experience in lieu of the degree
– Minimum of an IAT level II certification. IAT/IAM level III certification is preferred.

– Capable of providing thought leadership to the SCAR, SCA and other DHA cybersecurity leadership in his/her effort to identify risks, communicate recommended courses of action and recommend process improvements
– Ability to lead teams and regularly interact with senior level program personnel.
– Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and Enterprise system environments based on proposed accreditation boundaries
– Ability to manage multiple projects simultaneously
– Ability to apply and assess STIGs
– Ability to configure Nessus scans, and evaluate nessus files for accuracy
– Strong verbal and written communications and interpersonal skills

Preferred Qualifications and Skills Requirements
– DHA Cybersecurity Directorate
– A & A packages within eMASS
– CISSP, CISM, CASP is desired
– Network device configuration: Switches, Routers, Load Balancers
– Microsoft IIS, SharePoint, Apache Web Server/Tomcat
– Linux/Unix OS
– Microsoft SQL, MySQL, Oracle, PostgreSQL
– VMware ESXi or Microsoft Hyper-V
– Scripting knowledge/experience: generating scripts to remotely patch/audit systems.

– Knowledge of DISA STIGs/FDCC requirements, CTOs, TASKORDs, FRAGORDs, and emerging threats
– Knowledge of defense-in-depth and other information security and assurance principles and associated supporting technologies
– A self-leader, self-thinker, needs little direction, ability to work in a dynamic team environment, proven communication skills and client customer support, and ability to travel with little notice
– ACAS/Nessus scanning experience, building asset groups, creating audits, scheduling scans and generating reports

Scheduled Weekly Hours: 40

Basic Compensation: 76,400.00 – 114,600.00

The offered rate will be based on the selected candidate's knowledge, skills, abilities and/or experience and in consideration of internal parity.

Additional Compensation: KBR may offer bonuses, commissions, or other forms of compensation to certain job titles or levels, per internal policy or contractual designation.

Additional compensation may be in the form of sign on bonus, relocation benefits, short term incentives, long term incentives, or discretionary payments for exceptional performance.

Benefits: KBR offers a selection of competitive lifestyle benefits which could include a 401K plan with company match, medical, dental, vision, life insurance, AD & D, flexible spending account, disability, paid time off, or flexible work schedule.

We support career advancement through professional training and development.

Job Eligible for Referral Payout: Yes

KBR is an equal opportunity employer.

All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity or expression, age, national origin, veteran status, genetic information, union status and/or beliefs, or any other characteristic protected by federal, state, or local law.