Information Assurance and Security, Senior Advisor

Job Locations: US-AZ-Fort Huachuca
Requisition ID: 2025-154646
Position Category: Cyber Security
Clearance: Secret

Responsibilities

Risk Management Framework (RMF) is a DoD-mandated process for all systems, capabilities, services, network devices, and emerging capabilities operating on the DoDIN. The Contractor performs the following RMF tasks for each system, capability, service, or pilot. The Contractor uses established Government guidelines and reporting procedures. Each task shall be completed IAW RMF guidelines for each system, service, or pilot and is pivotal to ATO, quarantine of systems and services, continuous monitoring, inheritance to support other DoDIN systems and services, and testing of new capabilities. For each deliverable, the Contractor coordinates with the Government Project Lead for input on drafting, scheduling, modifying, and finalizing. The Contractor coordinates with the Government Lead on overall priorities and changes to Government processes and procedures.

Qualifications

  • Minimum of 12 years with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
  • Secret Security Clearance
  • Experience performing the following tasks:
    • Managing and maintaining a valid, current eMASS record for each system, capability, service, or pilot identified in Specific Tasks, and those identified by the Government as emerging requirements.
    • Complete DoD Enterprise Mission Assurance Support Service (eMASS) self-paced training within the transition-in period or 30 days after hiring.
    • Complete DoD training Enterprise Mission Assurance Support Service-eMASS (EM22014) virtual training within task order transition-in. https://cyber.mil/training/emass-em22014/
    • Utilize the RMF Knowledge Service, policy, and guidance in the accomplishment of all RMF tasks.
  • RMF Qualifications, Experience and Skills.
    • Develop and submit a System Security Plan for each new eMASS record or child record.
    • Apply all relevant control baselines and additional control overlays for each record.
    • Assign all baseline security controls and RMF overlay controls.
    • Assign inheritance per current DoD and Army continuous monitoring guidance.
    • Update and maintain the software and hardware list to reflect any changes for each system, capability, service, or pilot.
    • Update and maintain RMF records per site location, ensuring accurate hardware and software inventories, ACAS scans, and other unique site location data.
    • Update and maintain PPS/firewall documentation to reflect any changes for each system, capability, service, or pilot.
    • Ensure monthly production security scans are completed for each system, capability, service, or pilot and uploaded into the eMASS record.
    • Ensure STIGs are routinely addressed at least quarterly, and controls are implemented and updated within the eMASS record.
    • Update POA&Ms to reflect the results of the monthly security scans and STIG updates. Ensure POA&M items accurately reflect strong corrective actions or mitigations that reduce the security threat to the DoDIN-A, Army data, and Army customers. Verify that all remediation dates are achievable. Publish the POA&M workflow IAW Government processes and procedures.
    • Verify that applicable CTO POA&Ms are saved into Artifacts, that the vulnerability is addressed within the eMASS POA&M, and that the POA&M workflow is released.
    • Verify that system documentation is signed, reviewed on a yearly basis, and uploaded into the eMASS record.
    • Complete the Annual Security Review and release the workflow.
    • Update and maintain all other actions and functions within the eMASS record.
    • Submit the workflow for an ATO once all eMASS record actions are verified to be current and accurate, ensuring the workflow is complete and accurate and submitted 90 days prior to the ATO expiration date.
    • Attend monthly RMF updates on each system, capability, service, or pilot, as conducted to meet ATO suspense dates and development of new system authorizations.

Peraton Overview

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world’s leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees do the can’t be done by solving the most daunting challenges facing our customers. Visit peraton.com to learn how we’re keeping people around the world safe and secure.

Target Salary Range

$112,000 - $179,000. This represents the typical salary range for this position based on experience and other factors.

EEO

EEO: Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.
