Summary: For this position, the Risk Management Framework (RMF) Support Analyst guides multiple Liberty ITS programs through the VA’s Software as a Service (SaaS) and/or Platform as a Service (PaaS) approval processes, ensuring the deliverable achieves its an Authorization to Operate (ATO) or other cybersecurity-related approval on schedule.  The Analyst works with the program team to determine if an existing ATOed SaaS/PaaS offering would suffice or if a new SaaS/PaaS offering needs to be established for the application.  In either scenario, the Analyst secures approvals for the program’s deliverable to be deployed per the contract.  The RMF Support Analyst uses their knowledge of VA cloud offerings and cybersecurity components to advise the program on integrating/interfacing their deliverables with cloud cybersecurity offerings. Remote work allowed.

Required Education: Bachelor degree in Cybersecurity, Computer Science, Electronic Engineering or other engineering or technical discipline is required

Required Years of Experience: 4-7 years’ experience in cybersecurity, at least two of those years being RMF experience; at least three years’ experience in applying cybersecurity controls to SaaS/PaaS systems; 8 years of additional relevant experience may be substituted for the required education

Minimum Qualifications:

• Possess hands-on experience processing an Information System (IS) through a Federal government RMF process
• Ability to translate technical IS configurations into non-technical documentation
• Ability to document and explain SaaS application security control implementation to the System Owner and other cybersecurity professionals
• Experience gaining RMF approvals for DevSecOps products (MVPs and Standard Products) in a CI/CD environment
• Experience translating SAST & DAST scan findings into terms understandable by application developers and assist them in developing remediations
• Experience with common DevSecOps management tools, such as Git, GitHub, GitOps, Azure DevOps, Jenkins, etc.
• Ability to prioritize workload and multi-task multiple projects under the Agile development methodology
• Hands-on experience with security tools like Data Leak Protection (DLP), Nessus/Security Center, Nagios, Splunk, eMASS/Xacta/CMAS, etc.
• Ability to work in a team with diverse backgrounds
• Are proficient in MS Office applications, including Word and Excel
• Strong problem solving and critical thinking skills
• U.S. Government security clearance, Position of Public Trust (PPT) background investigation or the ability to achieve a PPT

Preferred Qualifications:

• 1-2 years Department of Veterans Affairs (VA) RMF experience
• Current VA PPT background investigation
• Microsoft SharePoint management
• Experience working in an ISO/CMMI environment
• Understanding of Software Development Lifecycle Process, especially Agile Development (SCRUM and/or Kanban)
• Experience with other deployment technologies, such as Terraform, Ansible, Docker, etc.
• Rational, Atlassian JIRA experience

Security Certifications:

• Minimum of a Security+CE; Additional Certificate of Cloud Security Knowledge (CCSK), Certified Cloud Security Professional (CCSP), SANS GLDC or cybersecurity-related AWS/Microsoft Cloud certification(s) desired