RMF & ISSM Support Specialist - Remote

Sentar

  • Phoenix, AZ
  • Permanent
  • Full-time
  • 1 day ago
Sentar is proud to be an employee-owned company, fostering a culture of empowerment, collaboration, and innovation. Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the team where you can build, innovate, and secure your career.Sentar is seeking a REMOTE RMF & ISSM Support Specialist!The Defense Health Agency (DHA) supports the delivery of integrated, affordable, and high-quality health services to Military Health System (MHS) beneficiaries and is responsible for driving greater integration of clinical and business processes across the MHS. Our DHA teams make a difference daily by ensuring the security of the health records of active duty and retired military and their families!The Defense Health Cyber Risk Management Team requires a RMF & ISSM Support Specialist to provide key services to a government client. This individual will be responsible for assigned Information Systems Security Manager (ISSM) efforts to complete RMF packages (Security Plans, Annual Security Reviews, Authorizations, POA&Ms, etc.), conduct continuous monitoring of assigned systems, and provide relevant cyber security expertise to ongoing programmatic lines of effort.Role Description:This position for Marketplace Cyber Support, Risk Management Executive Division (RMED) supported by the Defense Health Agency (DHA). The RMF & ISSM Support SME navigates and coordinates workflow, activity, and documentation necessary to achieve successful RMF objectives for DHA medical devices and systems.Duties:
  • Coordinate with various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Chief Information Officers (CIOs), Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), certification authorities (and representatives), accreditation authorities (and representatives), program managers, vendors, etc., necessary to properly identify, document, mitigate, and manage risk attributed to the target system, network, and/or application;
  • Identify, develop (directly or in coordination with applicable experts), and incorporate common artifacts found in RMF authorization packages, e.g., system architecture and boundaries, hardware and software inventories, policies and procedures, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system, network, and application documentation;
  • Apply knowledge and experience in identifying, assessing, and documenting compliance against applicable DoD Information Assurance (IA) security controls (technical, management, operational), Service (e.g., Army) regulations, etc., within the RMF package;
  • Apply knowledge of, and ability to use, applicable compliance and authorization reporting environments (e.g., eMASS, CMRS) to document the progress of RMF risk assessments;
  • Conduct root cause analysis for inconsistencies or shortfalls in system cybersecurity posture;
  • Utilize vulnerability scanning and assessment tool results (e.g., ACAS/Nessus/STIG Viewer/SCAP) necessary to identify and document compliance while providing cybersecurity recommendations based on organizational requirements;
  • Analyze Host-Based Security System (HBSS) and/or Endpoint Security Solution (ESS) output and configurations;
  • Coordinate with system POCs, review authorization boundary diagrams, architecture/data flow diagrams, hardware/software inventories, IP address/subnet assignments, Med-COI Zone taxonomy, and other artifacts;
  • Utilize compliance and authorization reporting environments (e.g., eMASS, CMRS, COAMS, MECM, and Phoenix) and coordinate with system POCs to explain compliance requirements, assist in reaching compliance, and provide training;
  • Develop meeting agendas/briefings and lead/attend and speak in meetings with stakeholders to discuss status of efforts;
  • Apply NIST, DoD, and DHA security requirements to include NIST SP 800-53 controls, DISA Security Technical Implementation Guides (STIGs), and Security Requirements Guides (SRGs);
  • Submit Weekly Status Reports (WSRs), when applicable.
Qualifications:Clearance Level: SecretEducation: A technical Bachelors degree or minimum 10 years of technical experienceCertifications: DoD 8570 compliance to IAT Level II Certification or higher (e.g. CCNA Security, Security+ CE, CISSP, etc.).Experience:
  • Minimum 5 years of RMF experience
  • Demonstrated experience with eMASS or similar RMF application.
  • Proficient at providing exceptional customer service.
  • Familiarity with NIST SP 800-53, DISA STIGS/SRGs, CMRS, HBSS/ESS, MECM and Phoenix.
  • Aptitude to provide thought leadership to enterprise CIO/ISSM efforts to maintain an organizational or system-level cyber security program.
  • Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and enterprise system environments based on proposed authorization boundaries.
  • Ability to manage multiple projects simultaneously and thrive in a remote environment.
  • Ability to work independently while also contributing to team member productivity.
  • Must possess strong verbal/written communications and interpersonal skills.
Benefits at Sentar:Our unique ownership model attracts top talent, giving employees the freedom to take initiative and drive meaningful improvements. In addition to cultivating a thriving and inclusive work environment, Sentar offers an extensive benefits package designed to support the well-being of employees and their families. Employee ownership is the foundation of our culture, promoting participation, teamwork, and accountability while ensuring long-term financial security and a commitment to excellence.
  • Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options
  • Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options
  • Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees
  • Generous 401(k) match
  • Competitive PTO plan that graduates quickly with years of service
  • Other leave programs; holiday schedule along with bereavement, maternity, jury and military duty
  • Mental health awareness programs
  • Tuition reimbursement
  • Professional development reimbursement
  • Recognition and Awards programs
If you are not ready to apply for this position, . We'll keep you updated occasionally on new job opportunities.Sentar is an Affirmative Action and Equal Opportunity Employer M/F/Vets/Persons with DisabilitiesOur culture is one of inclusivity and support. Sentar is proudly an Equal Opportunity and VEVRAA Federal Contractor Employer M/F/Vets/Persons with Disabilities. Follow these links to learn more about your rights: ; ; and .We want you to build your career at Sentar, so if you are an individual with a disability and require a reasonable workplace accommodation applying for a job or at any point in the employment process, contact the Recruiting Manager at . Please indicate the specifics of the assistance needed. Thank you for considering Sentar in your employment search.Build, Innovate, Secure Your Career at Sentar.

Sentar