Current Positions - Greenbelt, MD

Risk Management Framework (RMF) Analyst

Position Description: The RMF Analyst will work seamlessly with the ISSM and other IT Security staff to conduct Authorization to Operate (ATO) activities.

Years of Experience: 10 years

Education Requirements: Bachelor’s Degree

Preferred Certifications: CAP, Security+, CISSP, GSEC

• Oversee and actively manage relationships for assigned systems that may be contractor owned and contractor operated, ensuring vendors comply with agency security and privacy requirements.

• Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls that meet Federal regulations, program objectives, operational needs and user experience required for the 2020 Census SoS, particularly data collection components. Support the integration of security across the SoS lifecycle.

• Lead the development and maintenance of security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Test Report, POA&M, annual FISMA assessment, and incident reports.

• Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate. Actively manage vulnerabilities mitigation commitments from the integration team.

• Assist in establishing rules for program/project vulnerability scans, risk analyses and security assessments which includes addressing controls defined by OMB A130 Appendix III, FIPS 199, NIST SP800-37, NIST SP800-53, NIST SP500-299 (Draft) for both business operations and technical implementation throughout the eSDLC for the SoS. 

• Analyze and define security requirements for information protection. Analyze Decennial change requests for security impacts and provide recommendations to the 2020 Census GPMO.

• Analyze change requests for security risk, monitor and track security-related defects and resolutions, and make recommendations to the 2020 Census GPMO.

• Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs.

• Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls for the 2020 Census SoS.

• Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions to report to the 2020 US Census GPMO.

• Review program/project vulnerability scan results and report findings to the 2020 US Census GPMO, and monitor and track their assessment and subsequent resolution using automated scripts where necessary.

• Monitor for security breaches and participate in incident response activities and investigation of security breaches; this includes traditional ISSO audit responsibilities.

• Capture ATO artefacts that support independent assessment activities. Consolidate ATO artefacts for input into the USCB Risk Management Processing System.

• Present status of RMF efforts to the Government customer and at program meetings as required.

Required Skills: 

• In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, and CDM.

• Knowledge of FedRAMP and FISMA regulatory compliance requirements.

• Working knowledge of NIST SP800-53 Rev 4 controls and implementation methodology, with the ability to oversee traceability to the controls.

• Experience working throughout a complete IT Security life-cycle supporting a complex System of Systems.

• Experience working as a compliance and security control planner and implementer.

• Adept at managing change control and technical working groups.

• Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance.

• Ability to define and manage reporting and measurement systems for IT Security.

• Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Centers, including commercial and open source.

• Organizational Skills: Proven ability to plan and prioritize work, both their own and that of the project team. Ability to follow tasks to their logical conclusion and ensure that tasks and activities have been done to the right standard. Strong attention to detail.

• Team Work: Ability to enthuse and maintain team interest. Comfortable working both individually and as part of a team. Prepared to challenge ideas within a group in a constructive way. Ability to influence others and move a team toward a common vision or goal. Recognized by customers as a key contributor. Friendly demeanor. Honest teammate.

• Leadership: Acute business acumen and understanding of organizational issues and challenges. Able to work effectively at all levels in an organization. Able to lead efforts and mentor junior staff.

• Communications: Ability to communicate clearly and effectively to team members and clients, verbally and in writing. Able to present ideas in a variety of ways depending upon audience and context. Excellent active listening skills. Willing to use alternate means of communication in order to keep their project moving when bottlenecks are present.

• Problem Solving: Natural inclination for planning strategy and tactics. Ability to analyze problems and determine root cause, generate alternatives, evaluate and select alternatives, and implement solutions.

• Results Oriented: Able to drive things forward regardless of personal interest in the task.