Cybersecurity Risk Management Framework Engineer (RMF)
Job description
Job Title: Cybersecurity Risk Management Framework Engineer (RMF)
Company: Sugpiat Defense, LLC
Reports To: Robert Carrillo
Location: White Sands Missile Range, NM or Aberdeen Maryland (APG)
FLSA Status: Exempt
Salary: DOE
SUMMARY
The position shall govern and monitor the IT security posture of all network enclaves, unclassified and classified, as well as provide authority on Cybersecurity policies that shall be adhered to from above the organization as well as internally made supplemental guidance. The candidate shall work closely with the organization's Government Information System Security Manager (ISSM) and DAC's Service Provider, ARL, Network Information System Security Manager (N-ISSM), regarding policy creation, best business practices and general Cybersecurity governance. The candidate shall be the support POC for all RMF Assess and Authorize (A&A) responsibilities and Cybersecurity inspection actions for the organization.
The candidate shall be responsible for all activities relating to Cybersecurity procedures and systems. The contractor shall confer with and advise subordinates on administrative policies and procedures and on resolving technical problems, priorities, and methods. The contractor shall consult with and advise other support teams within the DAC G-6, both contractor and government, regarding internal controls and security procedures. The candidate shall prepare activities and progress reports relating to the information systems audit function.
Responsibilities
- Maintain accounts management responsibilities regarding the Army Cybersecurity program to include authorizing network account creation and deletion via IT ticketing system workflow.
- Maintain network account housekeeping in accordance with Army Regulation 25-2 (out-processing and inactivity audits for unclassified and classified network accounts).
- Create and maintain Standard Operating Procedure (SOP) for organization G-6 accounts management process.
- Maintain DoD Cybersecurity Awareness training and compliance records for CCDC-DAC personnel to include policy enforcement, weekly metric reporting and point-of-contact for training assistance.
- Maintain Acceptable Use Policy (AUP) and Privileged Level Access Agreement (PLAA) compliance for all CCDC-DAC personnel.
- Maintain DoD Cybersecurity (IA) Workforce for CCDC-DAC in accordance with DoD 8570.01-M to include validating certification and training requirements for privileged level access, drafting and maintaining appointment orders, and creating audit and reporting metrics for appointed Cybersecurity Workforce compliance.
- Manage the CCDC-DAC unit and all subordinate subunits within the Army Training Certification Tracking System (ATCTS).
- Respond to taskers related to privileged level access compliance issued by higher headquarters.
- Perform DoD RMF Access Control (AC) security control group STIG/SRG audits on unclassified and classified Active Directory network account OUs.
- Perform Enhanced Trusted Agent (ETA) responsibilities for issuing and maintaining PKI hardware tokens to CCDC-DAC personnel for classified systems.
- Perform first-response coordination for Negligent Disclosure of Classified Information (NDCI), i.e., classified spills, in accordance with organization standard operating procedure for incident response.
- Perform first-response coordination of all CCDC-DAC G-6 Cybersecurity branch IT tickets created and routed by the IT Mission Support Center (ITMSC).
- Perform Software Assurance responsibilities for all new software applications to be introduced on CCDC-DAC unclassified networks, classified networks, and standalone systems.
- Perform Hardware Assurance responsibilities for all new IT hardware to be introduced on CCDC-DAC unclassified networks, classified networks, and standalone systems.
- Perform Data Sanitization procedures in accordance with Army and NSA data destruction policy and guidelines on DAC equipment designated for turn in/destruction.
- Manage all steps of the DoD Risk Management Framework (RMF) assess & authorize process.
- Develop Plan of Actions and Milestones (POA&M) for registered systems associated within the CCDC-DAC APMS portfolio.
- Assess security controls in accordance with NIST SP 800-53 for associated systems.
- Possess in-depth knowledge of all NIST and CNSSI publications related to RMF and security controls for national security systems (NSS).
- Develop and maintain System-level artifacts for associated systems within eMASS.
- Coordinate the development of technology-level artifacts with other teams responsible within the CCDC-DAC G-6.
- Advise other teams within the CCDC-DAC G-6 on DISA STIG compliance and mitigation strategies.
- Develop and maintain FISMA metrics for DoD Cybersecurity scorecard reporting.
- Ensure STIG checklists and associated artifacts for all technologies are reviewed and validation results are posted to DAC G6's STIG portal every 6 months.
- Performs other duties as assigned.
EDUCATION and/or EXPERIENCE
- Must have one of the following combinations of education and experience: HS Diploma (or GED) and 8 years of general experience; Associate degree and 6 years of general experience; Bachelor's degree and 4 years of general Cybersecurity experience.
- Requires a minimum of five (5) years of related experience in the cybersecurity Risk Management Framework (RMF) field.
- Active Top-Secret Clearance with SCI eligibility. (U.S. Govt requirement)
- IAM or IAT Level III to meet DoD 8570.01-M requirements.
- Certifications include one of the following: DoD 8570.01-M: GSLC, CISM, CISSP, CISA or CASP.
- Must be a U.S. Citizen.
KNOWLEDGE, SKILLS AND ABILITIES
PHYSICAL DEMANDS AND WORK ENVIRONMENT:
The work environment and physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to talk or hear. The employee is frequently required, sometimes for extended periods, to walk, stand, or sit. This role routinely uses standard office equipment such as computers, phones, photocopiers, filing cabinets, and fax machines. The employee is occasionally required to climb ladders or stairs; use hands to type, finger, handle, or feel; reach with hands and arms; balance, stoop, kneel, crouch, or crawl; and get in and out of vehicles. The employee must occasionally lift and/or move small or large objects up to 50 pounds. Specific vision abilities required by this job include close vision, distance vision, color vision, depth perception, and ability to adjust focus. While performing the outdoor field duties of this job, the employee will also be exposed to outside weather conditions and other conditions such as loud noises, fumes, odors, dust, etc. This position may require travel.
Note: This job description in no way states or implies that these are the only duties to be performed by the employee. He or she will be required to follow any other instructions and to perform any other duties requested by his or her supervisor. The statements herein are intended to describe the general nature and level of work being performed by the employee in this position. They are not to be construed as an exhaustive list of responsibilities, duties, and skills required of a person in this position. Furthermore, they do not establish a contract for employment and are subject to change at the direction of Sugpiat Defense, LLC.
Sugpiat Defense, LLC is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, sexual orientation, gender identity, disability, or protected veteran status.
Sugpiat Defense offers preference to qualified Akhiok-Kaguyak Native Corporation Shareholders and their descendants and spouses and to shareholders of other corporations created pursuant to the Alaska Native Claims Settlement Act, in accordance with Public Law 100-241 and Title 43 U.S. Code 1626(g) and Title 42 U.S. Code 2003-2(i).