Summary: For this position, the Senior Risk Management Framework (RMF) Support Analyst advises Liberty ITS programs and the Director of Cybersecurity on the use and cybersecurity aspects of Software as a Service (SaaS), Platform as a Service (PaaS) and/or Infrastructure as a Service (IaaS) offerings, including how to secure an Authorization to Operate (ATO) or other cybersecurity-related approvals per VA policies and procedures.  The Senior Analyst works with the program team and other RMF Support Analysts to determine if an existing ATOed SaaS/PaaS offering would suffice or if a new SaaS/PaaS offering needs to be established for the application.  In either scenario, the Senior Analyst assists in securing approvals for the program’s deliverable to be deployed per the contract.  The Senior RMF Support Analyst uses their knowledge of VA cloud offerings, *aaS technologies and cloud- cybersecurity components to advise the program on integrating/interfacing their deliverables with cloud cybersecurity offerings. Remote work allowed.

Required Education: Bachelor degree in Cybersecurity, Computer Science, Electronic Engineering or other engineering or technical discipline is required

Required Years of Experience: 7+ years’ experience in cybersecurity, at least four of those years being RMF experience; at least five years’ experience in applying cybersecurity controls to SaaS/PaaS systems; 8 years of additional relevant experience may be substituted for the required education

Minimum Qualifications:

• Possess hands-on experience processing an Information System (IS) through a Federal government RMF process
• Ability to translate technical IS configurations into non-technical documentation
• Ability to document and explain SaaS application security control implementation to the System Owner and other cybersecurity professionals
• Experience gaining RMF approvals for DevSecOps products (MVPs and Standard Products) in a CI/CD environment
• Experience translating SAST & DAST scan findings into terms understandable by application developers and assist them in developing remediations
• Experience with common DevSecOps management tools, such as Git, GitHub, GitOps, Azure DevOps, Jenkins, etc.
• Experience with other deployment technologies, such as Terraform, Ansible, Docker, etc.
• Ability to prioritize workload and multi-task multiple projects under the Agile development methodology
• Hands-on experience with security tools like Data Leak Protection (DLP), Nessus/Security Center, Nagios, Splunk, eMASS/Xacta/CMAS, etc.
• Ability to work in a team with diverse backgrounds
• Are proficient in MS Office applications, including Word and Excel
• Strong problem solving and critical thinking skills
• U.S. Government security clearance, Position of Public Trust (PPT) background investigation or the ability to achieve a PPT

Preferred Qualifications:

• 1-2 years Department of Veterans Affairs (VA) RMF experience
• Current VA PPT background investigation
• Microsoft SharePoint management
• Experience working in an ISO/CMMI environment
• Understanding of Software Development Lifecycle Process, especially Agile Development (SCRUM and/or Kanban)
• Rational, Atlassian JIRA experience

Security Certifications:

• Minimum of a Certified Cloud Security Professional (CCSP) or GIAC Cloud Security Essentials (GLDC); Additional cybersecurity-related AWS/Microsoft Cloud certification(s) or Certificate of Cloud Security Knowledge (CCSK) desired