Job Description
ATTENTION MILITARY AFFILIATED JOB SEEKERS - Our organization works with partner companies to source qualified talent for their open roles. The following position is available to Veterans, Transitioning Military, National Guard and Reserve Members, Military Spouses, Wounded Warriors, and their Caregivers. If you have the required skill set, education requirements, and experience, please click the submit button and follow the next steps.
Unless specifically stated otherwise, this role is On-Site at the location detailed in the job post.
Position Summary:
As RMF Specialist, you will produce and maintain RMF artifacts related to the authorization or de-authorization of assigned RMF packages pertaining to the systems under the cognizance of our client, the Naval Surface Warfare Center Philadelphia Division (NSWCPD). You will create and maintain Assessment and Authorization (A&A) packages and artifacts, create and maintain the package record in the RMF system of record (currently eMASS), and recommend security posture improvements. You will also provide subject matter expertise in RMF life cycle management, including security controls assessment, hardware/software list management, Plan of Actions and Milestones (POA&M) management, creation/revision/maintenance of RMF A&A Package artifacts, and supporting the accreditation process from Step 1 thru Step 6 as needed. This work is to be performed at the Philadelphia Navy Yard.
Clearance Requirements:
Must be a US citizen with an Active DoD Secret Clearance
Essential Functions and Responsibilities:
Review existing policies, procedures, and guidelines to ensure compliance with NSWCPD and Navy Cyber Security/Information Assurance (IA) Policy
Review and comment on program documentation and key processes (e.g., Drawings, Data Item Descriptions, Contract Data Requirements Lists, Concept of Operations, Integrated Support Plan, Software Acquisition Development and Integration Plan, Software Requirements Specification, and asset design drawings/documentation)
Maintain a Plan of Action and Milestone (POA&M) for all A&A-related tasks and deliverables in accordance with the Standard Operating Procedures
Document A&A information in the A&A Package consistent with all other Packages and ensure that there are no omissions
Input reports in eMASS or deliver in MS Office-products/Visio and PDF formats as appropriate
Track deliverables and action items in accordance with A&A guidance
Ensure package compliance with stated or existing DoN and DoD policies
Manage, attend, and support configuration control board practices
Perform risk management and security engineering for Zone D boundaries, to include IAVM support, remediation, patching, scanning, and associated boundary maintenance
Determine a system's compliance with all applicable Controls and Assessment Procedures (Client) for an assigned DoN system, including developing the appropriate test procedures if necessary; executing the test procedures; and accurately documenting the results of security testing
Ensure RMF artifacts are in compliance with published Navy NAVSEA Business Rules (OPNAV N2N6 and/or NAVSEA) NIST SPand SPRev 5.
Collect and collate system or site information and use it to evaluate and document in eMASS the security posture of the IT system being assessed, authorized, and maintained
Review security assessment plans, test plans, and procedures to ensure they address the correct level of effort and are sufficiently comprehensive to assess whether all IA requirements applicable to the IT system for assessment, authorization, and maintenance have been met
Optimize A&A testing procedures to ensure the most accurate reporting in the appropriate format and that all IA requirements have been addressed. Evaluate all discrepancies and recommend potential mitigation measures for reducing or eliminating specific risks
Work with the Information System Owner/ISSO/ISSE for applicable remediation and/or mitigation of weaknesses and to determine the adequate level of residual risk
Create and verify the accuracy of POA&Ms and Risk Assessments as identified by vulnerability actual test results
Ensure information systems are operated, used, maintained, and disposed of in accordance with security policies and practices as required by the authorization package and NSWCPD.
Additional Qualifications/Responsibilities
Required Education, Skills, and Experience:
IAM Level I compliant (Security certification or equivalent)
Experience with security features and/or vulnerability of various operating systems as defined by NSA, NIST, DISA, and USCYBERCOM.
Experience with IA vulnerability testing and related system test tools: ACAS/Tenable Nessus, Security Technical Implementation Guides (STIG)
Experience with eMASS
Preferred Education, Skills, and Experience:
Bachelor's degree
Two (2) years' experience with DIACAP or RMF package creation.
Physical Demands and Expectations:
Regular physical activity to include walking, climbing stairs, and standing; frequent periods of prolonged sitting may be required.
Ability to speak, read, hear, and write with or without assistance.
Ability to use phone and computer systems, copier, fax, and other office equipment.
Required Experience:
IC