Requisition Number: 2020-05-011
Job Title: Risk Management Framework (RMF) SME
City: Washington
State: DC


Risk Management Framework (RMF) SME


Description/Job Summary

SBD is seeking a Risk Management Framework (RMF) Subject Matter Expert (SME) to join our team. The RMF SME will be part of a team providing Continuous Monitoring and Cyber Security Automation support for our federal customer located in Washington, DC. The RMF SME supports all RMF activities, including the process for managing security and privacy risk: information system categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. This person also supports the security activities associated with evaluating, implementing, and managing security practices and the continued operation of new and existing technologies across the Enterprise. The Contractor shall perform all duties and responsibilities in accordance with DHS 4300A, DHS ISSO Guide, and other applicable guidance.
 
Responsibilities Include:

  • Risk Management Framework (RMF) Activities:
    • Support all activities as outlined in the NIST SP 800-37, Risk Management Framework for Information Systems and Organizations. This includes the process for managing security and privacy risk that includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.
  • Continuous Monitoring:
    • Conduct audit log and account management reviews and update the Control Allocation Table and Trigger Accountability Log.
  • Security Authorization Documentation:
    • Initial development and, at least, annual reviews/updates of the FIPS 199, e-Authentication, Privacy Threshold Analysis (PTA)/Privacy Impact Analysis (PIA), Security Plan (SP), Contingency Plan (CP), Contingency Plan Test (CPT), Interconnection Security Agreements (ISAs), Memoranda of Agreement/Understanding (MOA/Us), and any other FISMA-related security documentation.
  • Security Control Assessment Response:
    • Support all assessment activities by responding to interview questions as well as working with the system teams to gather appropriate evidence as directed by the SCA team.
  • Change Management:
    • Review all change requests for potential impact to the system security posture.
  • Configuration/Patch/Vulnerability Management:
    • Review scan results for the system assets, identify the respective remediations for misconfigurations and weaknesses, and work with the system team to ensure timely implementation of fixes.
  • Strategic Initiatives:
    • Support the organization on process improvement initiatives including identifying and implementing automation.

Required Qualifications

  • Must be a US Citizen able to obtain a federal clearance
  • Must be located in the Washington, DC metro area and be able to commute to the customer site in Washington, DC as needed (some remote work is acceptable)
  • Must have and maintain at least one active certification such as CASP, GSEC, GSLC, CISSP, CEH, CISM, and CISA, or other comparable certification which must be approved in advance by the Government PM (on a case-by-case basis)
  • 5+ years of experience managing IT projects and programs or specialized experience in one of the below positions: Information Systems Security Officer, Information Systems Security Engineer, Information Systems Security Auditor or Information Systems Security Manager
  • 5+ years of experience with analyzing, assessing and implementing corrective actions based on vulnerability management tools
  • 5+ years of experience with leading projects, technical writing, administrative tasks, and conducting briefings
  • 5+ years of experience in security engineering or security operations
  • Experience supporting the automation of technical environments. 
  • AWS, Azure and microservices knowledge is required.

Additional Requirements:

  • Experience in security process mapping, security process analysis, security process improvement concepts, models, and best practices
  • Excellent customer service, analytical, problem solving, team-building, and interpersonal skills
  • Ability to work independently and function as an integral part of the team
  • Excellent oral and written communication skills; technical and business focused, with the ability to document and describe security process information collected
  • Listening skills, the ability to detect explicit and implicit needs and wants
  • Demonstrated ability to exercise good judgment, prioritize multiple tasks, and problem solve under pressure of deadlines and resource constraints
  • Proven experience in building consensus and managing cross-functional teams
  • Demonstrated proficiency in a vast array of Cyber Security platforms: Standard Application Online (SAO), Security Information and Event Management (SIEM), Intrusion Detection System (IDS)/Intrusion Protection System (IPS), Data Loss Prevention (DLP), Web Application Firewalls (WAF), Threat Intel, Endpoint Security
  • Advanced Microsoft Excel and Access skills to perform extensive data mining, correlation, and reporting
  • Experience working with NIST SP 800-53, RMF, FISMA, DHS and DoD policies
  • Strong analytical and problem-solving skills
  • Demonstrated interviewing and negotiation skills applicable to identifying, defining, and evaluating requirements
ACCESSIBILITY NOTE: SBD is committed to complying with all applicable provisions of the Americans with Disabilities Act, as amended (“ADA”), and applicable state and local laws. It is SBD’s policy not to discriminate against any qualified person or applicant with regard to any terms or conditions of employment on the basis of such individual’s disability. Consistent with this policy of non-discrimination, SBD will provide reasonable accommodations to an individual with a disability, as defined in the ADA or applicable law, who has made SBD aware of his/her disability, unless doing so would cause an undue hardship to SBD.  If you are an applicant and need a reasonable accommodation when applying for job opportunities within SBD, or request a reasonable accommodation to utilize SBD’s online employment application, please contact SBD-Talent@sbd2.com.


EQUAL OPPORTUNITY EMPLOYER: SBD is committed to the development of a creative, diverse and inclusive work environment. In order to provide equal employment and advancement opportunities to all individuals, employment decisions at SBD will be based on merit, qualifications, and abilities. SBD does not discriminate against any person because of race, color, creed, religion, sex, national origin, disability, age or any other characteristic protected by law (referred to as "protected status").