Information Security Engineer 3

CDO Technologies, Inc.

$90K — $110K *
Information Technology
Less than 5 years of experience
Job Overview by Ladders

Qualifications

  • Knowledge of DoD and A&A processes, standards, and tools
  • Experience with the Risk Management Framework
  • Familiarity with NIST 800-53 standards
  • Experience in applying DISA STIGs
  • Proficient in using eMASS tools
  • BMC Remedy experience for work tracking
  • Minimum three years of relevant IT professional experience
  • Certified in Governance, Risk and Compliance (CGRC) or willingness to obtain within 90 days
  • Must possess a SECRET Security Clearance.

Responsibilities

  • Manage RMF Authority to Operate packages for ANG enterprise networks
  • Create and maintain Plans of Action and Milestones (POA&M) for RMF packages
  • Monitor policies and regulations for updates affecting systems
  • Develop supporting evidence for RMF IA controls
  • Review and implement A&A documentation for compliance with DoD Cybersecurity policy
  • Oversee technical accuracy of evidence in RMF packages
  • Monitor security bulletins and alerts from DISA and other repositories.

Benefits

  • Two medical plan options and LiveHealth program for online doctor visits
  • Dental and vision insurance
  • Flexible Spending Account for medical or childcare expenses
  • 401(k) plan enrollment from first paycheck
  • Company-paid short- and long-term disability and life insurance
  • Tuition reimbursement and professional development opportunities
  • Generous leave program including paid holidays, vacation, and sick leave.
Full Job Description
Position Description

Members of this Service Area provide technical expertise to manage RMF Authority to Operate (ATO) packages and support Cybersecurity functions. Review and implement applicable assessment and authorization (A&A) documentation in compliance with DoD Cybersecurity policy and agency guidance, including DoD 8500 series, CNSS 1253, and NIST special publications. Provide A&A and Cybersecurity support, including RMF for DoD IT, assessing compliance with STIGs, reviewing automated scans, security test and evaluation (ST&E), vulnerability assessments, and computer security responses. Create new and manage existing RMF packages using eMASS (or the applicable Air Force system of record).

The contractor shall provide Cyber Surety support on first shift and manage ANG NOS Risk Management Framework (RMF) packages for three networks and complete the following tasks:
  • Provide technical expertise to manage ANG enterprise Risk Management Framework Authority to Operate packages.
  • Manage RMF packages for 2 enterprise networks, another separate but interconnected information system, and support inheritance artifacts for 90 ANG wings.
  • Create and maintain Plans of Action and Milestones (POA&M), waiver and technical feasibility documentation while ensuring the technical accuracy of all evidence provided for RMF packages
  • Monitor relevant policies and regulations for changes that may affect the system
  • Provide and/or develop supporting evidence for RMF IA controls
  • Monitor DISA and other authority repositories for relevant security bulletins and alerts
  • Develop and/or maintain policies and procedures documentation
  • Review and implement current applicable assessment and authorization (A&A) documentation in compliance with DoD Cybersecurity policy and agency guidance, including DoD 8500 series, ICD 503, CNSS 1253, and NIST special publications.

Minimum Qualifications
  • Knowledge of DoD and A&A processes, activities, standards, and available analytical tools
  • Experience with the Risk Management Framework
  • Experience with NIST 800-53
  • Experience with DISA STIGs
  • Experience with eMASS tools
  • Experience with BMC Remedy for tracking and coordinating work requirements
  • Must have a minimum of three (3) years of related professional IT experience commensurate with tasks outlined in the service area.
  • Must have the Certified in Governance, Risk and Compliance (CGRC) certification offered by ISC2 or earn the certification within 90 days.
  • SECRET Security Clearance (FINAL)

What can a CDO employee expect?

At CDO Technologies, we believe in taking care of our employees with a comprehensive benefits package. Our health and welfare benefits include two medical plan options along with a LiveHealth program to see a doctor online anytime day or night. CDO offers dental, vision, and a Flexible Spending Account for medical or childcare. Employees may also enroll in a 401(k) plan with their first paycheck. Full-time employees also receive company-paid short- and long-term disability and life insurance. We also provide tuition reimbursement, professional development, and certification reimbursements. Finally, CDO also offers employees a generous leave program including paid holidays, vacation, and sick leave.
