Dutch Ridge Consulting Group (DRCG), LLC · 10 hours ago
Risk Management Framework (RMF) Analyst
Dutch Ridge Consulting Group, LLC (DRCG) is a certified Service-Disabled Veteran-Owned Small Business providing high-quality support in various IT domains. They are seeking a Risk Management Framework (RMF) Analyst to support cyber OT&E missions by applying expertise in enterprise and system-level security design, ensuring compliance with cybersecurity policies and conducting comprehensive assessments of security controls.
Cyber Security · Enterprise Software · Consulting · Information Technology · Project Management
Responsibilities
Create, review, update, and validate cybersecurity Standard Operations Procedures (SOPs) as required
Review and maintain an inventory of authorized software (software custodian)
Review and maintain an inventory of government furnished devices and media
Ensure configurations on laptops and servers are validated prior to being deployed (as required)
Audit and validate configurations of network devices based on STIGs, or define and implement compensating controls for such STIGs as required to ensure mission execution
Maintain and update all RMF and A&A documentation to ensure relevancy and alignment with OPTEVFOR cyber OT&E mission assets to include required revisions and updates in eMASS
Conduct comprehensive annual RMF package reviews to ensure continued compliance of the cyber OT&E mission toolset, networks, and/or systems
Ensure traceability is maintained throughout the RMF submission process (e.g., A&A plan, Plan Of Action and Milestones (POA&M), Security Assessment Report (SAR), topology, software, ports protocols and services, test plan)
Maintain network and system documentation in DoD Information Technology Portfolio Repository-DON / DADMS
Maintain documentation and registration of network ports, protocols, and services
Maintain circuit registrations in Global Interconnection Approval Process System (GIAP) and Systems/Network Approval Process (SNAP)
Maintain and report on the status (weekly) of all outstanding A&A items and supporting documentation
As a member of the Configuration Control Board (CCB), ensure CCB approved changes are timely and accurately reflected in the A&A documentation
Support compliance validation of current and future directives (e.g., IAVs, STIGs, TASKORD/CTOs)
Provide recommendations for corrective action of any non-compliant security controls
Execute DISA STIG validations for systems in conjunction with RMF/A&A package reviews annually in accordance with the DoD Instruction 8510 series, Risk Management Framework for DoD systems
Provide security expertise to ensure security controls are implemented and the resulting documentation and artifacts are current
Prepare and maintain documentation, vulnerability scan results, system security assessments, and configuration management findings to support RMF compliance and inform system authorization decisions
Document assessment activities and results in sufficient detail to enable external review of all assessment processes, activities, results, and conclusions
Conduct and document a semi-annual tabletop exercise twice in a calendar year
Develop or contribute to security test plans and supporting documentation that verify the implementation of assigned security controls and inform ongoing risk determinations
Review and analyze IT contingency / disaster recovery plans for NIST and DoN compliance, and produce checklists for IT systems
Assist with exercise and/or training and documentation of IT contingency plan and execution
Able to work alone or in a small group to resolve tasks independently with minimal supervision
Adhere to guidance outlined in RMF Process Guide
Knowledge of the organization's enterprise information security architecture system
Ability to design and integrate security architectures and frameworks
Skill in translating technology and environmental conditions (e.g., laws, regulations) into security designs and processes
Knowledge of integrating organizational goals into security architecture
Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., defense-in-depth)
Skill in designing multi-level security and cross-domain solutions
Knowledge of cybersecurity-enabled software products and how they fit into security designs
Perform comprehensive assessments of management, operational, and technical security controls and enhancements
Document and address information security, cybersecurity architecture, and systems security engineering requirements throughout the acquisition lifecycle
Evaluate security architectures and designs to determine their adequacy
Develop and integrate cybersecurity designs for systems and networks with multilevel security requirements up to TS/SCI
Define and document the impact of new systems or interfaces on the security posture of the environment
Develop, as needed, security compliance processes and/or audits for external services (e.g., cloud service providers)
Provide project management and subject matter expertise in OPTEVFOR Cyber OT&E test infrastructure and toolset certification and accreditation efforts
Employ secure configuration management processes and ensure systems and architectures align with cybersecurity guidelines
Provide advice on project costs, design concepts, and design changes
Skill in applying cybersecurity methods such as firewalls, demilitarized zones, and encryption
Knowledge of IT architectural concepts, including baseline and target architectures
Knowledge of key telecommunications concepts and principles
Knowledge of network systems management principles and tools
Knowledge of Cloud-based knowledge management technologies related to security and administration
Skill in using PKI encryption and digital signatures
Document and update architecture and related activities
Translate proposed capabilities into technical requirements and security requirements into application design elements
Provide input to the Risk Management Framework process and related documentation
Knowledge of Personally Identifiable Information (PII) data security standards and program protection planning
Knowledge of local specialized system requirements (e.g., critical infrastructure) and network security principles
Ability to optimize systems to meet enterprise performance requirements
Skill in using design methods and developing data management capabilities
Qualifications
Required
TS/SCI clearance
Minimum 5 years' experience designing and integrating enterprise and systems security throughout the development lifecycle
Minimum 3 years' experience conducting thorough assessments of RMF-related management, operational, and technical security controls within DOD IT systems
Minimum 3 years' experience providing project management, subject matter expertise, and hands-on experience for systems certification and accreditation efforts in accordance with applicable DOD and DON cybersecurity policies and RMF guidance
Company
Dutch Ridge Consulting Group (DRCG), LLC
Dutch Ridge Consulting Group, LLC (DRCG) is an ISO 9001:2015, Department of Veterans Affairs (VA) Certified Veteran Enterprise (CVE) and Small Business Administration (SBA) Certified Service-Disabled Veteran-Owned Small Business (SDVOSB).
Funding
Current Stage
Early Stage