The Risk Management Framework (RMF) Analyst for Cyber position is responsible for the creation, consultation, and ongoing assessment and authorization (A&A) documentation in compliance with Federal Cybersecurity policies and guidelines including DoD 8500 and NIST 800-53 controls. Additionally, the RMF Analyst for Cyber will evaluate information assurance compliance and coordinate program security documentation for various Federal customers.
The Cyber RMF Analyst is an industry recognized thought leader that has mastered multiple NIST/RMF practices. Provides insight and expertise on key solutions to best position CDW's approach, preparation, and delivery of new and emerging solutions.
- Serves as a subject matter expert to advise for RMF packages, strategies, and technical components to ensure compliance of NIST 800-53 security controls.
- Serves in a technical leadership role that includes consulting on systems and their plans, design, development, implementation of projects focused on Cyber Security.
- Develops and maintains strategic relationships with Sales Management of the teams and is seen as a ‘go-to person’ for cyber security strategies; and is on the forefront of new and emerging solutions and implications offerings and services.
- Develop and capture the requirements for a government security solution in collaboration with stakeholders.
- Assess solutions’ architectural designs for compliance with NIST 800-53 and DOD related policies for on premise and cloud-based solutions; prepare assessment documentation.
- Develop security artifacts to support the IA program to include System Security Plans (SSP), Security Assessment Reports (SAR), Risk Assessment Reports (RAR), Security Control Traceability Matrix (SCTM), Plan of Action and Milestones (POA&M), System Design and Installation Procedures, System User Guides, Privileged User Guides, Security Test Procedures and other documents as needed.
- Support systems through all steps of RMF and enable Gov Client to achieve and or maintain authorities.
- Review vulnerability scan results at the operating system (OS) and application level and work with stakeholders to architect and implement mitigations.
- Promotes a culture of knowledge sharing and collaboration by organizing knowledge bases, contributing regularly, and encouraging team members to contribute.
- Coaches and mentors team members to improve their technical, consulting, and sales skills.
- Conducts technical assessment and expertise evaluations for candidate selection process.
- Advises team members and sales prior to customer calls and/or sales strategy session on Course of Action (COA) decisions among competing technologies and solutions
- Presents technical topics at technology showcase events, such as key-notes at national industry or technology conferences and/or participates on Partner Technical Advisory Boards.
- Collaborates with Partners, Inside Solution Architects (ISA), and Account Executives (AE) to drive mapped opportunities; fine tunes strategies and approaches to achieve greater sales results.
- Regularly creates forward-thinking thought leadership deliverables (e.g., external monthly blog posts, internal technical strategy documents); provides insight into emerging technical trends affecting CDW’s portfolio; regularly contributes to major industry publications and/or speaks at national conferences
- Manages competing priorities and sets expectations with sales and other stakeholders through proactive communication, planning, and potential for return on investment.
- Leads the development of Bills of Materials, Statements of Work, RPFs, RFIs, and proposal content for cross-technology solutions with high levels of accuracy and quality.
- Maintains pre-sales pipeline data, develops plans, and takes actions to move opportunities to closure.
- Bachelor’s degree in Computer Science, a related technical degree or equivalent years of relevant military service
- 8 years of Information Assurance/Cyber experience
- 8 years of Federal and/or DoD experience
- DoD/OPM Secret or Top-Secret Clearance
- DoD 8570 level II IAT Level III (example: CISSP or equivalent).
- Familiarity with NSAs commercial solutions for classified (CSfC) Program.
- Familiarity with Defense Information Systems Agency (DISA) Secure Technical
- Implementation Guidelines (STIGs)
- Experience with remediating identified Information Assurance Vulnerability Alerts (IAVAs) within DoD systems
- Strong organizational skills and excellent attention to details.
- Abilities to work independently and to manage time effectively.
- Effective communication skills with an appreciation for the appropriate ways to interact with managers, coworkers, customers and vendors
- Travel between 25% - 50%
- Ability to work off hours as necessary to meet clients' needs
- Desirable: Security+, CEH, Linux+, AWS Certs, Redhat
- Knowledge of compliance standards for the organization to include NIST 80053 controls, RMF, 800-53, FEDRAMP, agency specific requirements and emerging IC/DoD polices for Cyber Security with a particular focus on Cross Domain Solutions