Lead RMF Liaison/Analyst

KBR   •  

North Charleston, SC

Industry: Business Services


15+ years

Posted 400 days ago

This job is no longer available.

Location: US-US-SC-North Charleston

Job Number: 1051297

Join a winning team! This is an exciting time at KBRwyle and here is a great opportunity to showcase your skills!

Under minimal supervision, performs assessment and authorization tasks, such as supporting CNIC process and procedure development, that are broad and complex in nature, requiring originality and ingenuity, instructs, counsels, and guides work of other members when functioning as Team Leader, while at other times will participate as a member of the team.

This position acts as a primary liaison with NAVY system owners for assessment and authorization (A&A) efforts. Conducts cybersecurity analysis in preparation for assessment and authorization. Covers technical information security aspects including, but not limited to, identifying risks, providing mitigation plan of action, analyzing system designs, assisting with assessment and authorization issues that may be preventing a system from receiving authorization, and developing custom mitigation solutions for information system vulnerabilities.

Key Areas of Responsibility:

Assessment and Authorization –

  • Identifies key stakeholders in the assessment and authorization effort for medical systems and networks and works with them to confirm that the system documentation reflects the current security configuration of the system, in terms of hardware and software components, data flow, interconnections, and ports, protocols, and services

  • Identifies potential risks associated with the configuration of the system and appropriate mitigation strategies

  • Conducts status meetings and determines next steps in moving the systems toward a successful accreditation effort

  • Works with the cybersecurity team to develop and implement the detailed test plan and review findings from self-assessment to determine readiness for independent assessment

  • Conducts manual checks of the systems during independent testing and reports them in a plan of action and milestones (POA&M) document

  • Uses the automated tools HIAT and eMASS to capture and report test results

  • Assists the system owners and system SAs in interpreting and applying mitigation strategies

Independent Validation and Verification (IV&V) –

  • Conducts in-depth analysis of IV&V and functional/operational test results for accuracy, compliance, and adherence to DoD and Federal cybersecurity technical and operational security requirements

  • Documents residual risks by conducting a thorough review of all the vulnerabilities, architecture, and defense in depth and provides the cybersecurity risk analysis and mitigation determination results for the Test Report

  • Assists the Validator with producing the risk assessment artifacts describing residual risks identified during certification testing

  • Schedules and conducts eMASS training for NAVY and Program Office personnel

  • Develops/maintains agency level cybersecurity policy and processes that implement DoD Cybersecurity program

  • Has an expert knowledge of NIST publications and is able to work strategically on transition of DIACAP to RMF

  • Has knowledge of DISA STIGs/FDCC requirements, defense-in-depth, and other information security and assurance principles and associated supporting technologies

Risk Assessment –

  • Communicates the security posture of systems up the chain of command via CSTAR and eMASS so that accreditation decisions can be made based on a thorough understanding of the risks associated with the particular configuration of systems and networks

  • Identifies strategies for improving the assessment and authorization processes and procedures to meet increasingly tight timelines and budgets


  • BA/BS in Information Systems Management, Computer Science or related discipline plus 15 years of experience. In lieu of formal education, at least 18 years of related experience. Specific contract requirements regarding education and experience will prevail.

  • Travel Requirement 25%

  • Must have CompTIA Securityto start work

  • OS Certification/Approved Training completed within 180 days of hire

  • Candidates must have at least an active Secret clearance. Candidates that do not have a clearance will undergo a government background investigation and must meet the requirements for access to sensitive government information if selected for position.

Additional Qualifications:

  • Experience with DIACAP and RMF in Navy a plus

  • Fully Qualified Navy Validator (FQNV) highly preferred

  • Experience with Accreditation package management in eMASS a plus

  • Possession of excellent customer service and organization skills

  • Possession of excellent oral and written communication skills