Liberty was founded on the principles of challenge and change. We are looking for talented individuals that want to challenge the assumptions of what an IT partner is capable of delivering and help our clients achieve the transformational change that is critical for their success. If you have the knowledge, the experience, and the drive to succeed, Liberty has a place for you. We are committed to help you to realize your potential and achieve success in your career.
Please submit your resume and we'll contact you as soon as relevant positions open up that fit your skills and background.It is the policy of Liberty IT Solutions, LLC to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law.
RMF Support Analyst, SaaS
- Job Title
- RMF Support Analyst, SaaS
- Job ID
- Remote or Melbourne, FL 32934
- Other Location
Summary: For this position, the Risk Management Framework (RMF) Support Analyst guides multiple Liberty ITS programs through the VA’s Software as a Service (SaaS) and/or Platform as a Service (PaaS) approval processes, ensuring the deliverable achieves its an Authorization to Operate (ATO) or other cybersecurity-related approval on schedule. The Analyst works with the program team to determine if an existing ATOed SaaS/PaaS offering would suffice or if a new SaaS/PaaS offering needs to be established for the application. In either scenario, the Analyst secures approvals for the program’s deliverable to be deployed per the contract. The RMF Support Analyst uses their knowledge of VA cloud offerings and cybersecurity components to advise the program on integrating/interfacing their deliverables with cloud cybersecurity offerings. Remote work allowed.
Required Education: Bachelor degree in Cybersecurity, Computer Science, Electronic Engineering or other engineering or technical discipline is required
Required Years of Experience: 4-7 years’ experience in cybersecurity, at least two of those years being RMF experience; at least three years’ experience in applying cybersecurity controls to SaaS/PaaS systems; 8 years of additional relevant experience may be substituted for the required education
- Possess hands-on experience processing an Information System (IS) through a Federal government RMF process
- Ability to translate technical IS configurations into non-technical documentation
- Ability to document and explain SaaS application security control implementation to the System Owner and other cybersecurity professionals
- Experience gaining RMF approvals for DevSecOps products (MVPs and Standard Products) in a CI/CD environment
- Experience translating SAST & DAST scan findings into terms understandable by application developers and assist them in developing remediations
- Experience with common DevSecOps management tools, such as Git, GitHub, GitOps, Azure DevOps, Jenkins, etc.
- Ability to prioritize workload and multi-task multiple projects under the Agile development methodology
- Hands-on experience with security tools like Data Leak Protection (DLP), Nessus/Security Center, Nagios, Splunk, eMASS/Xacta/CMAS, etc.
- Ability to work in a team with diverse backgrounds
- Are proficient in MS Office applications, including Word and Excel
- Strong problem solving and critical thinking skills
- U.S. Government security clearance, Position of Public Trust (PPT) background investigation or the ability to achieve a PPT
- 1-2 years Department of Veterans Affairs (VA) RMF experience
- Current VA PPT background investigation
- Microsoft SharePoint management
- Experience working in an ISO/CMMI environment
- Understanding of Software Development Lifecycle Process, especially Agile Development (SCRUM and/or Kanban)
- Experience with other deployment technologies, such as Terraform, Ansible, Docker, etc.
- Rational, Atlassian JIRA experience
- Minimum of a Security+CE; Additional Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), SANS GLDC or cybersecurity-related AWS/Microsoft Cloud certification(s) desired