Liberty was founded on the principles of challenge and change. We are looking for talented individuals that want to challenge the assumptions of what an IT partner is capable of delivering and help our clients achieve the transformational change that is critical for their success. If you have the knowledge, the experience, and the drive to succeed, Liberty has a place for you. We are committed to help you to realize your potential and achieve success in your career.
Please submit your resume and we'll contact you as soon as relevant positions open up that fit your skills and background.It is the policy of Liberty IT Solutions, LLC to provide equal employment opportunity without regard to race, color, religion, age, national origin, sex, gender, sexual orientation, gender identity/expression, disability, protected veteran status, genetic information, or any other basis protected by institutional policy or by federal, state or local laws unless such distinction is required by law.
Senior RMF Support Analyst, SaaS
- Job Title
- Senior RMF Support Analyst, SaaS
- Job ID
- Remote or Melbourne, FL 32934
- Other Location
Summary: For this position, the Senior Risk Management Framework (RMF) Support Analyst advises Liberty ITS programs and the Director of Cybersecurity on the use and cybersecurity aspects of Software as a Service (SaaS), Platform as a Service (PaaS) and/or Infrastructure as a Service (IaaS) offerings, including how to secure an Authorization to Operate (ATO) or other cybersecurity-related approvals per VA policies and procedures. The Senior Analyst works with the program team and other RMF Support Analysts to determine if an existing ATOed SaaS/PaaS offering would suffice or if a new SaaS/PaaS offering needs to be established for the application. In either scenario, the Senior Analyst assists in securing approvals for the program’s deliverable to be deployed per the contract. The Senior RMF Support Analyst uses their knowledge of VA cloud offerings, *aaS technologies and cloud- cybersecurity components to advise the program on integrating/interfacing their deliverables with cloud cybersecurity offerings. Remote work allowed.
Required Education: Bachelor degree in Cybersecurity, Computer Science, Electronic Engineering or other engineering or technical discipline is required
Required Years of Experience: 7+ years’ experience in cybersecurity, at least four of those years being RMF experience; at least five years’ experience in applying cybersecurity controls to SaaS/PaaS systems; 8 years of additional relevant experience may be substituted for the required education
- Possess hands-on experience processing an Information System (IS) through a Federal government RMF process
- Ability to translate technical IS configurations into non-technical documentation
- Ability to document and explain SaaS application security control implementation to the System Owner and other cybersecurity professionals
- Experience gaining RMF approvals for DevSecOps products (MVPs and Standard Products) in a CI/CD environment
- Experience translating SAST & DAST scan findings into terms understandable by application developers and assist them in developing remediations
- Experience with common DevSecOps management tools, such as Git, GitHub, GitOps, Azure DevOps, Jenkins, etc.
- Experience with other deployment technologies, such as Terraform, Ansible, Docker, etc.
- Ability to prioritize workload and multi-task multiple projects under the Agile development methodology
- Hands-on experience with security tools like Data Leak Protection (DLP), Nessus/Security Center, Nagios, Splunk, eMASS/Xacta/CMAS, etc.
- Ability to work in a team with diverse backgrounds
- Are proficient in MS Office applications, including Word and Excel
- Strong problem solving and critical thinking skills
- U.S. Government security clearance, Position of Public Trust (PPT) background investigation or the ability to achieve a PPT
- 1-2 years Department of Veterans Affairs (VA) RMF experience
- Current VA PPT background investigation
- Microsoft SharePoint management
- Experience working in an ISO/CMMI environment
- Understanding of Software Development Lifecycle Process, especially Agile Development (SCRUM and/or Kanban)
- Rational, Atlassian JIRA experience
- Minimum of a Certified Cloud Security Professional (CCSP) or GIAC Cloud Security Essentials (GLDC); Additional cybersecurity-related AWS/Microsoft Cloud certification(s) or Certificate of Cloud Security Knowledge (CCSK) desired