General Summary:

Performs cloud-based system comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls in accordance with NIST 800-53.

Principal Duties and Responsibilities (*Essential Functions):

• Review RMF Packages for completeness and technical accuracy.
• Review and evaluate the effects on security of system changes, including interfaces with other ISs and documents all changes.
• Ensure that all ISs within their area of responsibility have received a current ATO.
• Complete eMass updates, ATO boundaries, deviations, POA&M documentation
• Assess the current Cyber Security posture and identify mitigations for risks
• Review existing documentation and perform edits to ensure the applicable controls are met to support acquisition decisions, program office requirements, and contracts. If documentation does not exist, create the correct policies, procedures, and artifacts to ensure applicable controls are met.
• Ensure system vulnerabilities are properly documented in the Plan of Action and Milestones (POA&M).
• Conduct vulnerability scans, identify the correct applicable Security Technical Implementation Guide (STIG) checklists for each system, determine the compliance status for each identified STIG, conduct RMF Control validation, and review a variety of DOD, Army, RMF and NIST documentation. This includes the SP, CMP, COOP, and other A&A artifacts to assess the cybersecurity posture of subject systems.
• Execute technical evaluation for compliance with Security Technical Implementation Guides (STIGs) and other applicable requirements.
• Review and provide assessments of all DoD Risk Management Framework (RMF) artifacts and associated documents.
• Expertise knowledge in running and validating cybersecurity tools that include, but are not limited to, the eMASS, Security Content Automation Protocol Compliance Checker (SCC), Assured Compliance Assessment Solution (ACAS)/Nessus, and STIG Viewer.

At COLSA, people are our most valuable resource and centered at our core value. We invite you to unite your talents with opportunity and be a part of our “Family of Professionals!” Learn about our employee-centric culture and benefits here.

Required Qualifications

• Associate's degree or Bachelor’s degree in a related field or equivalent experience, advanced degree preferred.
• Minimum of 3 related certifications may be used in place of unrelated degree field.
• Minimum of 10 plus years of work related experience.
• eMASS, STIG, ACAS experience
• RMF & accreditation experience
• Security +CE certification or equiv/higher
• Secret security clearance required

Preferred Qualifications

• CISSP/CISM certification
• CCSP certification
• Cloud based system knowledge and accreditation experience
• Cloud related certification

Applicant selected will be subject to a government security investigation and must meet eligibility requirements for access to classified information. COLSA Corporation is an Equal Opportunity Employer, Minorities/Females/Veterans/Disabled. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.