Fort Bliss, TX
Active SECRET Clearance is required.
Position requires a qualified individual to execute all tasks necessary to maintain current Risk Management Framework (RMF) accreditation on all Tactical networks (3 enclaves). Specific tasks follow:
- Develop and review compliance documentation such as Configuration Management Plans, Network Infrastructure Plans, Business Continuity and Disaster Recovery Plans and all supporting policies in support of RMF assessment and authorization (A&A) activities.
- Review RMF and Networthiness documentation as required to ensure completeness of the artifacts for RMF acceptance.
- Monitor and routinely provide reporting in the Army Portfolio Management System (APMS) database.
- Assist in the coordination of the system testing with the identified independent authority, and ensure the following items are completed and collected for submission: System Identification Profile (SIP), RMF Implementation Plan (RIP), Certification Determination, RMF Scorecard, Plan of Action and Milestone (POA&M), Authorizing Official’s Decision, Residual Risk Acceptance, FISMA reports, and US Army Enterprise Mission Assurance Support Service (Army eMASS).
- Provide RMF integration and operational support for existing and new capabilities.
- Perform interviews of technical Subject Matter Experts (SMEs) as well as non-technical management personnel to ascertain the security posture of servers, network devices and clients.
- Select security controls, document implementation details, and assess against the RMF security controls IAW DoDI 8500, DoDI 8510 and NIST SP 800-53.
- Identify mitigating controls for identified risks and propose additional mitigation strategies for identified vulnerabilities.
- Design and implement data network security measures; operate Network Intrusion Detection and Forensics; conduct performance analysis of IS security incidents.
- Ensure all users have the requisite security clearances, authorization, and need-to-know, and are aware of their security responsibilities before granting access to the IS.
- Develop and maintain IA education and training programs to include training of end users.
- Advise Army Customer leadership on information systems security issues. Provide trend data on security upgrades, security incidents, and number/severity of vulnerabilities.
- Provide advice to ensure that systems and personnel adhere to established security standards and Governmental requirements for security on these systems.
- Maintain Tactical Network POA&M with additional information as required. Upload artifacts supporting ATO continuance. Respond to eMASS email notifications by remediating or mitigating identified shortages, issues or dated items needing attention.
- Acquire eMASS certification in SIPRNET and maintain access to the eMASS database.
- Record and maintain Configuration Control Board (CCB) meeting minutes for the record. Update eMASS as required with CCB notes and artifacts.
- Maintain and update RMF documentation as required.