Yesterday
Top Secret
Mid Level Career (5+ yrs experience)
$100,000 - $125,000
IT - Security
Sånta Rita-Sumai, Guam (On-Site/Office)
Seeking a Risk Management Framework (RMF) support specialist onsite in Guam to support a
government DoD client. Secret Clearance required.
Resources will need to be onsite as required to support mission requirements. The requisite duties,
knowledge, and experience are detailed below:
Report ongoing Risk Management Framework (RMF) package progress regularly to ISSM, HQ
teams and various leadership personnel throughout NAVFAC Enterprise.
Develop RMF artifacts and update existing ones to support successful new ATOs and ongoing
maintenance of existing ATOs.
o RMF Artifacts include but aren’t limited to:
Hardware and Software Lists
Network diagrams in accordance with (IAW) with NAVFAC FRCS Diagram
Requirements Job Aid
Ports, Protocols, and Services Management (PPSM) forms
Categorization Forms
Cybersafe Grading Checklists
Criticality Analysis Checklist (if applicable)
Security Plan (SP)
Security Assessment Plan (SAP)
System specific policies IAW NIST 800-53 control families
Implementation and System Level Continuous Monitoring (SLCM) Plans
Raw vulnerability scan results
Security Center generated reports
Manual Security Technical Implementation Guide (STIG) and Security
Requirements Guide (SRG) checklists (CKLs)
Contractor performs all necessary tasks to support RMF packages, including uploading artifacts
into eMASS in the proper format to support initial RMF authorization, maintenance, or
reauthorization efforts. Duties include:
o Implementing security controls in accordance with STIGs and SRGs
o Patching vulnerabilities on IT/networking devices and all IP-based controllers
o Conducting vulnerability scanning of all IP devices and generate reports
o Completing manual STIG checklists (CKLs) according to the approved SAP
o eMASS tasks such as inputting test results, uploading scan results, mapping
vulnerabilities to controls, updating and maintaining POA&Ms, and processing eMASS
workflows
o Providing on-site validation support
o Facilitating and managing change requests and authorization boundary changes with
Operational Technology Design Authority (OTDA)
o Collaborating with multiple departments to perform scanning and patching to include
intermittent nationwide travel according to multiple site requirements and availability
Preferred Qualifications (Desired):
Bachelors degree in IT/Cybersecurity related field
Experience with implementing Security Technical Implementation Guides (STIGs) and Security
Requirement Guides (SRGs)
Experience conducting ACAS scans and generating reports
Knowledge of industrial communication protocols
Knowledge of HVAC Systems equipment and operation
Knowledge of HVAC Control Systems
Knowledge of utility information systems and energy-management technologies
Three (3) years of related experience and/or training including military or civilian experience
Problem-solving skills and attention to detail
government DoD client. Secret Clearance required.
Resources will need to be onsite as required to support mission requirements. The requisite duties,
knowledge, and experience are detailed below:
Report ongoing Risk Management Framework (RMF) package progress regularly to ISSM, HQ
teams and various leadership personnel throughout NAVFAC Enterprise.
Develop RMF artifacts and update existing ones to support successful new ATOs and ongoing
maintenance of existing ATOs.
o RMF Artifacts include but aren’t limited to:
Hardware and Software Lists
Network diagrams in accordance with (IAW) with NAVFAC FRCS Diagram
Requirements Job Aid
Ports, Protocols, and Services Management (PPSM) forms
Categorization Forms
Cybersafe Grading Checklists
Criticality Analysis Checklist (if applicable)
Security Plan (SP)
Security Assessment Plan (SAP)
System specific policies IAW NIST 800-53 control families
Implementation and System Level Continuous Monitoring (SLCM) Plans
Raw vulnerability scan results
Security Center generated reports
Manual Security Technical Implementation Guide (STIG) and Security
Requirements Guide (SRG) checklists (CKLs)
Contractor performs all necessary tasks to support RMF packages, including uploading artifacts
into eMASS in the proper format to support initial RMF authorization, maintenance, or
reauthorization efforts. Duties include:
o Implementing security controls in accordance with STIGs and SRGs
o Patching vulnerabilities on IT/networking devices and all IP-based controllers
o Conducting vulnerability scanning of all IP devices and generate reports
o Completing manual STIG checklists (CKLs) according to the approved SAP
o eMASS tasks such as inputting test results, uploading scan results, mapping
vulnerabilities to controls, updating and maintaining POA&Ms, and processing eMASS
workflows
o Providing on-site validation support
o Facilitating and managing change requests and authorization boundary changes with
Operational Technology Design Authority (OTDA)
o Collaborating with multiple departments to perform scanning and patching to include
intermittent nationwide travel according to multiple site requirements and availability
Preferred Qualifications (Desired):
Bachelors degree in IT/Cybersecurity related field
Experience with implementing Security Technical Implementation Guides (STIGs) and Security
Requirement Guides (SRGs)
Experience conducting ACAS scans and generating reports
Knowledge of industrial communication protocols
Knowledge of HVAC Systems equipment and operation
Knowledge of HVAC Control Systems
Knowledge of utility information systems and energy-management technologies
Three (3) years of related experience and/or training including military or civilian experience
Problem-solving skills and attention to detail
group id: 91129865
