COMPANY OVERVIEW
Watershed Security is a Veteran Owned Small Business and a leader in providing quality Cyber Security Services to the Federal Government. Watershed is a great place to work, offering a challenging and respectful work environment. We are growing fast and strive to deliver our vision every day: “To inspire trust and respect with our customers and employees. Integrity in all we do.”
RESPONSIBILITIES AND DUTIES
Watershed is seeking a candidate to support services to facilitate various steps necessary to fulfill the Department of Defense (DoD) Risk Management Framework (RMF) and NEXCOM's RMP process for NEX systems. These services encompass the testing and evaluation of security controls to ascertain their correct implementation, ensuring that the systems operate as intended, and achieve the desired outcomes in meeting security requirements for information systems or organizations. Additionally, the contracted services will address the resolution of any issues related to Cybersecurity (CS) processes, implementations, or documentation that may arise during the Authorization to Operate (ATO) process. Beyond ATO, the contracted services will extend to continuous monitoring support, training, and involvement in policy and documentation review and development to support NEX systems. The candidate will also be responsible for the following:
+ Prepare the complete RMF A&A Package and participate in the RMF Collaboration with appropriate NEX personnel by providing the evaluated risk assessment of the system.
+ Responsible for reviewing and validating the author-generated documents for the A&A effort to include all the information connected with the assessment of the Information System (IS). This includes but is not limited to the Security Plan (SP), Security Assessment Plan (SAP), Security Assessment Report (SAR) and Plan of Action and Milestones (POA&M).
+ Responsible for developing Test and Evaluation (T&E) Plans and Procedures.
+ Understand the use of CS tools in development of test plans, including Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), vulnerability scanners (e.g., Tenable Nessus), and other tools.
+ Optimize test plans and procedures to ensure the test plan addresses the correct level of effort and is sufficiently comprehensive to validate all CS requirements applicable to the IT system or site being assessed and authorized.
+ Execute test plans and assessment procedures to obtain test results and advise the site or system owner concerning any discrepancies, and re-tests, as necessary.
+ Assess the test and validation procedure results after all mitigation measures are applied to derive the risk of operating the system.
+ Assess test and validation procedure result findings and weaknesses for risk with respect to CS requirements and document mitigation measures designed to reduce risk to a minimal level.
+ Note unmitigated discrepancies, document countermeasures that are in place, and document a Plan of Action and Milestones (POA&M) for addressing open risk/residual risk items. Document all open risk and residual risk items in the Risk Assessment Report (RAR).
+ Assist in the development of RMF A&A and eMASS training. Conduct one (1) RMF A&A and one (1) eMASS training class during each option year of the contract.
+ Provide RMF Step 5 (Authorize System) support for NEX systems. Activities include but are not limited to the preparation and submission of the Plan of Action and Milestones (POA&M) for each NEX system and participation in meetings with the AO as necessary.
+ Provide RMF Step 6 (Continuous Monitoring) support for NEX systems that have a current ATO.
QUALIFICATIONS AND SKILLS
+ Direct RMF (Risk Management Framework) experience within the last 3 months.
+ 5 years of RMF overall experience. U.S. Navy RMF process preferred.
+ Fully Qualified Navy Validator (NQV)
+ Immediate availability to conduct all required RMF steps to assess and authorize a system, obtaining and maintaining a full ATO (Authority to Operate).
+ Provide training and guidance for NEXCOM staff in all aspects of the RMF process.
+ Experience in RMF testing of all requirements and analysis required to complete an RMF package document for submittal and approval.
+ Experience performing vulnerability risk analysis on the deficiencies found during RMF testing.
+ Experience with Information Assurance tools and scanners used to evaluate the security posture of the system/enclave.
+ Active DoD Secret clearance or higher
+ 10% Travel
Responsibilities of this position also include, but are not limited to:
+ Attending mandatory, annual training sessions
+ Providing regular status reports to management summarizing progress, challenges, metrics, and recommendations
+ Collaborating with team members to ensure effective communication and coordination
+ Attending recurring team meetings or huddles
+ Assisting in the development of new initiatives
*Contingent upon award*
BENEFITS AND PERKS
Watershed Security offers outstanding compensation and benefits including company paid medical and dental, short-term disability, tuition reimbursement, 401K plan with a generous match, 15 days of PTO to start and 11 paid holidays per year.
EOE M/F/Disability/Vet