Senior Risk Management Framework (RMF) Analyst
Job Description The Position: IPNS is seeking a Senior RMF analyst to work a long-term project. In this mission-critical role, you will work seamlessly with the ISSM and other IT Security staff to conduct essential Authorization to Operate (ATO) activities. The ideal candidate will be results oriented, able to drive project tasks forward regardless of distraction or pressure. Responsibilities: · Oversee and actively manage relationships for assigned systems, ensuring vendors comply with agency security and privacy requirements. · Actively coordinate with the infrastructure teams to plan, develop, implement and test security controls. · Support the integration of security across the SoS lifecycle. · Lead the development and maintenance of security documentation. · Assess vulnerabilities to ascertain if additional safeguards are needed and ensure systems are patched and security hardened at all levels of the “stack,” and monitor to ensure vulnerabilities are remediated as appropriate. · Actively manage vulnerabilities mitigation commitments from the integration team. · Assist in establishing rules for program/project vulnerability scans, risk analyses and security. · Analyze and define security requirements for information protection. · Analyze Decennial change requests for security impacts and provide recommendations. · Execute with limited direction or conceptual direction, anticipating customer needs and proactively supporting those needs. · Assist in establishing and implementing a Continuous Diagnostics and Mitigation (CDM) capability with integrated security controls. · Assist in establishing a continuous monitoring strategy to proactively survey, monitor, and track security-related defects and the status of their resolutions. · Review program/project vulnerability scan results and report findings. · Monitor for security breaches and participate in incident response activities and investigation of security breaches. Specifically, traditional ISSO audit responsibilities. · Capture ATO artifacts that support independent assessment activities. Consolidate ATO artifacts for input into the USCB Risk Management Processing System. · Present status of RMF efforts to Government customer and program meetings as required. Requirements: · Bachelor's Degree in Computer Science, Information Technology, or related subject. · 10 years of experience in related field or role. · In-depth technical experience and security exposure with core technologies, including Cloud, Digital, Data Protection, User Management, Digital Mobility, Compliance, Application Security, Event Management, CDM · Knowledge of FedRAMP and FISMA regulatory compliance requirements. · Working knowledge of NIST SP800-53 Rev 4 controls, and implementation methodology with the ability to oversee traceability to the controls. · Experience working throughout a complete IT Security life-cycle supporting a complex System of Systems. · Thorough understanding of the security concepts and intricacies associated with Cloud Computing, Infrastructure, Data Protection, Digital Mobility, Application Security, and Regulatory Compliance. · Tools/Technology Experience: Functional knowledge of security tools for both Cloud environments and Data Center, including commercial and open source. Preferred Experience and/or Education : · CAP, Security+, CISSP, GSEC About our Company: IPNS gives you the opportunity to be part of a challenging, high-performing team, and work on a mission you can believe in and be proud of. Our core values are integrity, trust, and creativity. If you want to work hard to test the limits, find outside-the-box solutions, and be part of a growing company - then join us. IPNS is an equal opportunity employer; all employment decisions are made based on merit and business needs. The Company will consider all qualified applicants for employment without regard to race, color, religious creed, citizenship, national origin, ancestry, age, sex, sexual orientation, genetic information, physical or mental disability (including reasonable accommodations requests for an otherwise qualified individual), veteran or marital status, or any other class protected by law. Company Description At IPNS, we make our client's mission our own — planning and providing IT services and support that measurably improve mission effectiveness, level of service and other metrics. We've helped many agencies in the Civilian, Defense, and Intelligence communities upgrade to next-gen technology — and at the same time, control risks in strategic ways. We understand the technology needs of agencies in the Federal space, and the mandates and regulations under which they operate. The members of our leadership team have held senior IT positions in both Federal agencies as well as with larger defense contractors. This gives us unique insights as to the direction that Federal IT is headed, and the many types of IT services and support they need to get there. We deliver every project on time and under budget, 100% of the time, and we have earned the Federal Government's Exceptional rating for our contract, hiring, and staffing practices — the highest grade a firm can receive. Our systems are audited both by the US Government and by a Top 5 accounting firm, and we have passed our audits every single year with flying colors. To learn more about our IT services and support offerings, please contact us.