This is a full-time, remote position supporting a team located in Washington, DC. CFT offers a competitive benefit package and collaborative work environment with a strong company culture. Veterans and military spouses are encouraged to apply.
Responsibilities
- Experience with supporting system Authority to Operate (ATO) processes and creating artifacts, control implementation details, and POAMs
- Experience with Information Security Continuous Monitoring (ISCM), RMF automation, Cloud Security implementation and maintenance, and Cyber Security best practices
- Experience with National Institute of Standards and Technology (NIST) security controls, the Governance, Risk Management, and Compliance (GRC) security documentation tool (Xacta), Risk Management Framework (RMF), and security compliance processes
- Experience with Federal Information Security Management Act (FISMA) and Federal Information System Controls Audit Manual (FISCAM) criteria
- Ability to facilitate meetings, analyze authorization documents and associated artifacts against authorization requirements to identify gaps, establish a schedule to address outstanding authorization requirements, and coordinate directly with system team stakeholders
- Ensure Assessment and Authorization packages conform to the format provided for the program
- Apply analytical and systematic approaches in the resolution of problems of workflow, organization, and planning
- Identify, manage, and verify security requirements, to include security controls, in the same manner as all other system requirements, ensuring traceability
- Work with developers and other team members to assist with the creation and maintenance of Risk Management Framework (RMF) packages
- Implement security controls through Systems Engineering Technical Processes
- Provide security support for planning, design, development, testing, demonstration, and integration of information systems
- Conduct Security Technical Implementation Guide (STIG) reviews and complete remediation of findings
- Provide full security incident management
- Coordinate identification and remediation of vulnerabilities across multiple operating systems, using methods such as reporting, dashboards, and meetings
Qualifications
- Bachelor’s degree or equivalent work experience
- 10+ years of related experience
- Experience in the concepts, terms, processes, policy and implementation of cyber security
- At least 5 years of Cloud Security experience
- Preferred certifications: CISSP, Security+
- Experience with NIST special publications, to include the Risk Management Framework, to ensure the confidentiality, integrity and availability of the information systems
- Experience maintaining Authority to Operate (ATO)
- Experience with Governance, Risk and Compliance tools such as Xacta
- Experience establishing security controls and compliance artifacts for ISSO review
- Ability to work overtime on occasion, as required
- Ability to sit in an office environment for long periods of time
- Remote and on-call responsibilities may be required
Physical Demands
Must be able to sit and stand for long periods of time
Occasional travel and overtime may be required
Required Clearances
Ability to obtain a Public Trust Clearance
COVID-19 Protocols: As a Federal contractor, CFT is required to comply with COVID-19 protocols applicable to the agency, facility, and location. All COVID-19 requirements are in line with government policies and CDC guidance applicable at the time.
CFT is a proud equal opportunity employer. All qualified applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status. Neither discrimination nor harassment is tolerated.