If you are a job seeker with a disability and require a
reasonable accommodation to apply for one of our jobs, you will
find the contact information to request the appropriate
accommodation by visiting the following page:
7014 - Cybersecurity RMF Auditor (consultant)
Job Title: Cybersecurity RMF Auditor - consultant
Location Options: Seaside, CA
Range: Bachelors + 4 years = 8-years of experience
Clearance: Top Secret
Company is willing to sponsor a qualified US Citizen for Top
Secret clearance who already possesses an active Secret clearance
Start Date: Immediate.
Alliant Information Technologies, LLC (AIT), a wholly owned
subsidiary of IndraSoft, Inc., is seeking a highly
qualified RMF Auditor/Assessor with Secret clearance (TS Clearance
preferred) to work at the Defense Manpower Data Center (DMDC) in
Alexandria, VA. The candidate of choice will be a motivated
individual who works well as part of a multi-disciplinary
team. The candidate will support RMF assessment packages
across the DMDC enterprise, to include government cloud
To perform this job successfully, an individual must be able to
perform each essential duty satisfactorily. The requirements
listed below are representative of the knowledge, skill, and/or
ability required. Reasonable accommodations may be made to enable
individuals with disabilities to perform the essential
Must be a US citizen, possess a Secret Clearance, and be willing
to acquire and maintain a DoD Top Secret clearance.
Bachelor’s degree plus 4 years of assessment experience,
preferably NIST-based Risk Management Framework (RMF). Experience
may be substituted for the education requirement: no degree and a
minimum of 10 years of assessment experience (w/ RMF and eMASS)
Must have 1 active/current DoD 8570 IAM Level II certification
such as: CISSP (or Associate), CAP, CASP+ CE, CISM, GSLC or,
Firm understanding of DoD security policies and practices, e.g.,
DoD 8510.01 RMF and NIST SP 800-53A.
Technical knowledge including: Windows, RHEL, networks, and
relevant DoD STIGs.
Excellent written and verbal skills are required.
ISSO and/or CISM experience.
Familiarity with Information Technology components: operating
systems/servers, computer networking, switches, routers, racks,
firewalls, VPNs, and DoD PKI systems.
Essential Functions and Responsibilities:
Identify process improvements to the audit processes to take
advantage of automated tools wherever possible.
Assist RMF Manager with the execution of the Risk Management
Framework (RMF) across multiple programs in accordance with the
National Institute of Standards and Technology (NIST).
Interfaces with stakeholders, functional points of contact, and
Directly perform the following: Support application and system
accreditation packages and ATOs using the DISA Enterprise Mission
Assurance Support Service (eMASS).
Assess the Cyber Security risk of IT systems and applications
documenting them in formal risk assessments and supporting
artifacts associated with the Assessment & Authorization (A&A)
Assess artifacts and supporting evidence to satisfy all
applicable RMF Controls and corresponding Control Correlation
Validate appropriate implementation of security controls in
accordance with National Institute of Standards and Technology
(NIST) and DoD publications.
Support the development and execution of the Security
Assessment Plans to ensure proper orchestration of testing
procedures in accordance with requirements set forth by DoD and
Conduct IAVM reviews; determine applicability through research
and coordination, update documentation, track status via defined
Review STIGs; checklist generation and management, determine
availability of new STIGs, update checklists to new STIG
Review HW/SW/PPS list and ensure they reflect the components and
data flows outlined in the authorization boundary diagram.
Conduct analyses of ACAS findings relevant to specific RMF
controls and boundaries and create associated POA&M.
Assign risk levels on controls assessed as non-compliant.
Support on-demand system audits or vulnerability assessments
when necessary to determine compliance.
Conduct manual reviews for non-automatable controls, both
technical and administrative.
Support the preparation of detailed documentation such as a
Security Assessment Plan, Security Assessment Report, Kickoff and
Support the preparation of or update the Plan of Action and
Milestones (POA&M) to document all known vulnerabilities to
correct or mitigate risks.
Additional responsibilities as assigned by management.
While performing duties of the job, incumbent will be exposed to
normal demands associated with an office environment. Ability to
work on a computer for long periods, and communicate with individuals
by telephone, email and face to face. This position requires
incumbent to have the ability to stand, walk, sit, use hands to
finger, handle or feel objects, tools, or controls, reach with
hands and arms, talk and hear. Employee must occasionally lift
and/or move up to 20 pounds. Specific vision abilities required by
job include close vision, distance vision, color vision, peripheral
vision, depth perception and the ability to adjust and focus.
Work Environment: The noise level in the work environment is
Equal Opportunity Employer/Protected Veterans/Individuals with
The contractor will not discharge or in any other manner
discriminate against employees or applicants because they have
inquired about, discussed, or disclosed their own pay or the pay of
another employee or applicant. However, employees who have access
to the compensation information of other employees or applicants as
a part of their essential job functions cannot disclose the pay of
other employees or applicants to individuals who do not otherwise
have access to compensation information, unless the disclosure is
(a) in response to a formal complaint or charge, (b) in furtherance
of an investigation, proceeding, hearing, or action, including an
investigation conducted by the employer, or (c) consistent with the
contractor’s legal duty to furnish information. 41 CFR