Risk Management Framework Analyst Journeyman
Location: VA Area
Job: Risk Management Framework Analyst Journeyman
Schedule: Full-time
Shift: Day Job
Security Clearance Required: Yes
Potential for Remote Work: Hybrid

JOB DESCRIPTION
Description
Inc Magazine, Best Places to Work Award Winner- SJ Technologies is headquartered in Sugar Hill, Georgia, with multiple offices & remote team members across the US. Be a part of an award winning, WOSB-certified small business, specialized in IT Consulting. We value our team members and their contributions and to show our appreciation, we are proud to offer a comprehensive and competitive benefits package to candidates. Apply for more information regarding our benefits.
SJ is looking for a Risk Management Framework Analyst Journeyman to support a transformational infrastructure program for DCSA.
Responsibilities include but are not limited to:

• Responsible for cybersecurity authorization and compliance services supporting the risk management framework (RMF) process for a transformation infrastructure program within the DoD and current customer policies and procedures.
• Develop security, contingency, and configuration management plans, as well as assessment reports, plans of action and remediation milestones.
• Define criticality or sensitivity of systems, perform categorization calculations, and recommend corrective action.
• Recommend baseline security controls, assess changes in controls, and coordinates changes to security authorizations.
• Conduct evaluations to verify that design and implementation meet requirements.
• Implement security controls, and produce artifacts required for authority to connect.
• Assist with security control, risk, and vulnerability assessments, creating rules for scans and providing recommendations for implementation and mitigation/remediation.
• Prepares test plans and conducts security control and validation testing IAW with NIST SP800-53.
• Support site visits, interviews, and security tests and evaluations.
• Provide NIPRNet, SIPRNet, JWICSs and cloud information for Certification(s).
• Provide Enterprise Mission Assurance Support Service (eMASS) accreditation support.
• Track and presents outstanding eMASS packages, resolves issues impacting packages, and prepares impact statements or short-term ATO packages, importing required documents into eMASS.
• Develop and maintains inventory of site-specific profiles for assessments and controls.
• Capture, assess, maintain, and report asset information.
• Provide data capture and storage assessment reports.
• Assist in review of systems and documentation for compliance with IT security policies and requirements.
• Remediate findings and update certification and accreditation documentation.
• Support and perform system audits, assessments, inspections, and reviews.
• Support independent test and audit teams’ evaluations, providing access to assigned systems to run remote scans and support on-site POCs.
• Collect and analyze test data and recommends and assigns remediation.
• Evaluate proposed new products and protocols for impact to the accreditation posture.
• Provide monthly status reports on RMF packages.
• Provide inputs into the Activity Report.

Qualifications

• Experience in reviewing security requirements, recommending a mitigation strategy for deficiencies, and working directly with clients to provide solutions and education.
• ISSE certification or equivalent; ISSO and ISSM acceptable as well.
• CSSP-A or CSSP-M, Certification in one of the following areas, CEH< CFR, CSA+, GCIA, GCIH, GICSP, SCYBER, CISM, CISSP-ISSMP.

Education and Experience:

• BA/BS in information technology, computer science, or related.
• 2-4 years of related experience required.
• Security clearance is required.

Physical Requirements:

• Prolonged periods sitting at a desk and working on a computer.
• Must be able to lift up to 15 pounds at times.