Risk Management Framework Subject Matter Expert - CSLA at NEMEAN SOLUTIONS LLC – Fort Huachuca, Arizona

Nemean Solutions, headquartered in Sierra Vista, AZ, is a certified SBA 8(a) Native Hawaiian Organization (NHO) and veteran-operated company providing advanced Military Intelligence, Enterprise and Cloud IT services, Cybersecurity, Special Operations Forces (SOF) Exercise and Training, and niche Program Support and Professional Services to Federal and State Agencies supporting the US Government Defense, Intelligence and Aerospace sectors.

Job Overview:

The Risk Management Framework (RMF) Subject Matter Expert will perform functions of a qualified Information Assurance Manager at Level II, serving as a pre-deployment Information Systems Security Officer/Manager (IASO/IAM), Information Assurance Technical (IAT) Level II or Computer Network Defense - Auditor (CND-AU) consistent with performance standards and duties outlined in DoD 8570.01-M as mandated by the DFARS. This position is responsible for the information assurance (IA) program of an Information System (IS) or major mission application within the Network Environment (NE), ensuring IS are functional and secure. Personnel in this role focus on the enclave environment and support, monitor, test, and troubleshoot hardware and software IA problems pertaining to Computing Environments (CE), Network Environments (NE), and enclave environments.

Support Hours: Applicant shall be available during core work hours as established the Government customer.

Essential Duties & Responsibilities:

• Develop and implement system information security standards and procedures.
• Collect data from Computer Network Defense (CND) tools including intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyze events within the environment.
• Perform audit functions for the Agent of the Certification Authority (ACA) or other government Information Assurance (IA) Manager for risk mitigation and reporting.
• Generate reports for certification and accreditation packages or Certification of Net worthiness efforts.
• Perform assessments of systems and networks within the Network Environment (NE) or enclave and identify deviations from acceptable configurations, enclave policy, or local policy.
• Conduct passive evaluations (compliance audits) and active evaluations (penetration tests and/or vulnerability assessments).
• Draft, modify, and provide input for documentation and Technical Deliverables including white papers, diagrams, executive summaries, integration plans, Service Improvement Plans (SIP), System Design Plans (SDP), Information System Support Plans (ISSP), Change Management Plans (CMP), users' guides, System Security Plans (SSP), Enterprise Technical Procedures (ETPs), test plans, implementation guides and plans, Lists of Materials, and Assess Only packages.
• Develop artifacts in support of information systems RMF Assess Only and Assess and Authorize accreditation packages.
• Participate in security vulnerability assessments and risk mitigation activities for Enterprise systems/initiatives.
• Draft risk management plans for Government approval and assist in implementation.
• Review and provide comments to POA&Ms provided by Army Functional and NETCOM Subordinate Units for issues such as non-applied IAVMs, hot fixes, patches, and System Center updates.
• Assist the Government in performing technical tasks associated with the role of Information Systems Security Officer (ISSO).
• Assist the Government in performing and documenting annually required Federal Information Security Management Act (FISMA) activities IAW governing Organizations policies and procedures within RMF.
• Assist the Government in developing documentation and verbal input required for mission applications or information systems to be assessed or authorized to operate consistent with guidance provided by the Government IMO based on RMF policy.
• Create, prepare, disseminate, and maintain plans, instructions, and standing operating procedures (SOPs) concerning cybersecurity.
• Review RMF authorization packages and system fielding, operations, or upgrade requirements.
• Performs other related duties as assigned.

Competencies:

• Excellent verbal and written communication skills.
• Excellent interpersonal and customer service skills.
• Excellent organizational skills and attention to detail.
• Excellent time management skills with a proven ability to meet deadlines.
• Strong analytical and problem-solving skills.
• Ability to prioritize tasks and to delegate them when appropriate.
• Ability to function well in a high-paced and at times stressful environment.

Minimum Requirements/Education:

• BS in Computer Science or equivalent, or an additional 4 years of directly related experience and education.
• Minimum of seven (7) years' experience with the Army IA process including the application of STIGs and supporting/implementing the A&A process; or eleven (11) years without a qualifying degree.
• IAT Level II certification or higher (Security+, CISSP, or CASP), preferred.

Security Requirement:

• Active Secret Clearance

What Nemean Solutions, LLC offers:

Medical, Dental, and Vision insurance plans, Paid Time Off, sick leave, 401k Retirement Savings plan with company match, and more.

Nemean Solutions is proud to be a Veteran friendly employer and provides Equal Employment Opportunity (EEO) to all employees and applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability status, genetic information, marital status, ancestry, protected veteran status, or any other characteristic protected by applicable federal, state, and local laws. Equal Opportunity for VEVRAA Protected Veterans. Nemean Solutions, LLC will not discriminate against employees and job applicants who inquire about, discuss or disclose compensation information.

We are a Virginia Values Veterans (V3) Certified Employer and strongly encourage applications from veterans, transitioning service members, and military spouses.