ISSO

Overview:

Based in Northern, VA, Axiologic Solutions LLC has opportunities for you to become part of our high-quality team that delivers innovative solutions to key federal clients. We are currently seeking a RMF SME to support our growing team.

Responsibilities:

• Applies knowledge and understanding of Information Assurance (IA) and Risk Management Framework (RMF) concepts, practices, and procedures using established Intelligence Community (IC) and Agency policies and standards to minimize and/or mitigate RMF security risks.

• Work closely with functional-area architects, engineering, and security specialists throughout CIO to ensure adequate security solutions and controls are in place throughout all applications, IT systems, cloud systems, and platforms to mitigate identified risks sufficiently, and to meet business objectives and regulatory requirements.

• Guides projects and programs through successful assessment and authorization of system components for Authorization to Operate (ATO).

• Provides special consideration to intrusion detection, finds, and fixes unprotected vulnerabilities, and ensures remote access points remain secure.

• Collaborates with internal and external stakeholders to support, monitor, test, and troubleshoot software and hardware IA problems related to RMF.

• Develops, reviews, updates, and implements security plans, testing plans, and related system security documentation to ensure compliance with security standards and regulations appropriate to RMF environment.

• Participates in periodic risk assessments to re-evaluate risks, mitigation strategies, and sensitivity of the systems security posture.

• Evaluate the performance of ongoing security maintenance, for example, continuous monitoring (ConMon) or continuous diagnostics and mitigation (CDM).

• Ensures RMF's compliance with reporting requirements of the Office of the Director of National Intelligence (ODNI)/IC Chief Information Officer (CIO), in collaboration with the Defense Intelligence Agency (DIA)/IC Enterprise Audit Program guidelines.

• Work with the Cloud Operations teams in the definition and implementation of security standards and best practices for AWS and AZURE cloud environments.

• Establishes, maintains, and audits programs with IT enterprise infrastructure baseline configuration.

• Maintains cooperative relationships with business partners and other parties including functional owners, network security architects and engineers, and Information System Security Officers (ISSO).

• Develops and manages plans of actions and milestones (POA&M), waiver requests, audit and scanning policy, and security guidelines/checklists for Information Technology Agreement (ITA) system and device development.

• Manages and implements Data Interface Concept of Operations (CONOPS), Host Based Security System (HBSS), Contingency Operations/Disaster Recovery (COOP/DR), IA cert checks, and Memorandums of Understanding/Memorandums of Agreement (MOU/MOA).

• Remediates vulnerabilities per policy requirements and submit to Team Lead for review.

• Reviews, updates, and submits requests for all assigned projects in Xacta Database.

• Reviews development operations security (DevOpsSec) requirements for all projects assigned/status.

• Updates Security Controls Traceability Matrix (SCTM) and security test plans (STP) to support project test assessments.

• Submits scan requests and reviews project audit logs to include but not limited to SPLUNK, AWS, and AZURE Management logging consoles.

• Coordinates with assigned project team RMFs to support tasking assistance and requests.

• Supports RMF requirements and impromptu stakeholder requests concerning project progression.

• Attends various Scrum, Project Standup, and Technical Exchange Meeting (TEM) sessions to support assigned projects.

• Reviews and comments on technical documentation to ensure compliance with security standards and regulations.

• Performs other tasks as required.

Required Qualifications:

• Active Top Secret/Sensitive Compartmented Information (TS/SCI) with Counter-Intelligence Polygraph (CI Poly) security clearance.

• Education: Bachelor's Degree or equivalent training and experience.

• Minimum of twelve (12) years of experience

• Certified Information Systems Security Professional (CISSP), CompTIA Security+, or other relevant certifications.

• Experience with working with SPLUNK platform.

• Excellent oral and written communication skills with customer, team, and leadership.

• Excellent listening, interpersonal, and customer service skills.

• Excellent creative problem-solving skills.

• Ability to effectively prioritize and execute tasks under pressure.

Desired Qualifications:

* Master's degree with advanced training in RMF/IA Cyber Security.

Travel Requirements:

Travel may be required within Washington National Capital Region (NCR) on an as-needed basis for customer or corporate requirements.

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.