USA
6 days ago
RMF & ISSM Support Specialist

Sentar is dedicated to developing the critical talent that the connected world demands to create solutions to address the convergence of cybersecurity, intelligence, analytics, and systems engineering. We invite you to join the small business team where you can build, innovate, and secure your career.

Sentar is seeking a

Role Description:

The Defense Health Agency (DHA) supports the delivery of integrated, affordable, and high-quality health services to Military Health System (MHS) beneficiaries and is responsible for driving greater integration of clinical and business processes across the MHS. Our DHA teams make a difference daily by ensuring the security of the health records of active duty and retired military and their families!
The Defense Health Cyber Risk Management Team requires a RMF & ISSM Support Specialist to provide key services to a government client. This individual will be responsible for assigned Information Systems Security Manager (ISSM) efforts to complete RMF packages (Security Plans, Annual Security Reviews, Authorizations, POA&Ms, etc.), conduct continuous monitoring of assigned systems, and provide relevant cyber security expertise to ongoing programmatic lines of effort.

This position for Marketplace Cyber Support, Risk Management Executive Division (RMED) supported by the Defense Health Agency (DHA). The RMF & ISSM Support SME navigates and coordinates workflow, activity, and documentation necessary to achieve successful RMF objectives for DHA medical devices and systems.

Duties:

Coordinate with various stakeholders, e.g., Security Engineers, Network Administrators, System Administrators, Chief Information Officers (CIOs), Information Assurance Managers (IAMs) / Information Systems Security Managers (ISSMs), certification authorities (and representatives), accreditation authorities (and representatives), program managers, vendors, etc., necessary to properly identify, document, mitigate, and manage risk attributed to the target system, network, and/or application; Identify, develop (directly or in coordination with applicable experts), and incorporate common artifacts found in RMF authorization packages, e.g., system architecture and boundaries, hardware and software inventories, policies and procedures, risk assessment reports, POA&Ms, data flows, PPSM accounting, and other necessary system, network, and application documentation; Apply knowledge and experience in identifying, assessing, and documenting compliance against applicable DoD Information Assurance (IA) security controls (technical, management, operational), Service (e.g., Army) regulations, etc., within the RMF package; Apply knowledge of, and ability to use, applicable compliance and authorization reporting environments (e.g., eMASS, CMRS) to document the progress of RMF risk assessments; Conduct root cause analysis for inconsistencies or shortfalls in system cybersecurity posture; Utilize vulnerability scanning and assessment tool results (e.g., ACAS/Nessus/STIG Viewer/SCAP) necessary to identify and document compliance while providing cybersecurity recommendations based on organizational requirements; Analyze Host-Based Security System (HBSS) and/or Endpoint Security Solution (ESS) output and configurations; Coordinate with system POCs, review authorization boundary diagrams, architecture/data flow diagrams, hardware/software inventories, IP address/subnet assignments, Med-COI Zone taxonomy, and other artifacts; Utilize compliance and authorization reporting environments (e.g., eMASS, CMRS, COAMS, Microsoft Endpoint Configuration Manager (MECM), and Phoenix) and coordinate with system POCs to explain compliance requirements, assist in reaching compliance, and provide training; Develop meeting agendas/briefings and lead/attend and speak in meetings with stakeholders to discuss status of efforts; Apply NIST, DoD, and DHA security requirements to include NIST SP 800-53 controls, DISA Security Technical Implementation Guides (STIGs), and Security Requirements Guides (SRGs); Submit Weekly Status Reports (WSRs), when applicable.

Qualifications:

Clearance Level: Secret

Minimum Certifications: IAT Level II certification required; IAT/IAM III certification is a plus

Required skills, years, experience with technology, etc. needed:

10+ years of technical experience or a Bachelor's Degree and 6+ years of technical experience. Minimum 5 years of RMF experience Demonstrated experience with eMASS or similar RMF application. Proficient at O365 tools and environments, to include MS Teams, SharePoint, PowerPoint, Word, Excel, Visio, OneNote, and other related applications. Proficient at providing exceptional customer service. Familiarity with NIST SP 800-53, DISA STIGS/SRGs, CMRS, HBSS/ESS, MECM and Phoenix. Aptitude to provide thought leadership to the ISSM efforts to maintain an organizational or system-level cyber security program. Ability to identify, interpret and evaluate major applications, infrastructure, enclaves, and enterprise system environments based on proposed authorization boundaries. Ability to manage multiple projects simultaneously and thrive in a remote environment. Ability to work independently while also contributing to team member productivity. Must possess strong verbal/written communications and interpersonal skills.

Benefits at Sentar:

In addition to a great culture, Sentar not only fosters an inclusive work environment but also offers an extensive benefits package designed to cater to the well-being of its employees and their families.

Voluntary Medical, Dental, Vision, with Health Savings or Flexible Spending Plan options Voluntary Life, Critical Illness, Accident, and Long Term Care insurance options Group Term Life, Short-Term and Long-Term Disability is provided by Sentar to all qualifying employees Generous 401(k) match Competitive PTO plan that graduates quickly with years of service Other leave programs; holiday schedule along with bereavement, jury and military duty Mental health awareness programs Tuition reimbursement Professional development reimbursement Recognition and Awards programs

If you are not ready to apply for this position, submit your resume here to join our talent community. We'll keep you updated occasionally on new job opportunities.

Sentar is an Affirmative Action and Equal Opportunity Employer M/F/Vets/Persons with Disabilities

Our culture is one of inclusivity and support. Sentar is proudly an Equal Opportunity and VEVRAA Federal Contractor Employer M/F/Vets/Persons with Disabilities. Follow these links to learn more about your rights: EEO Is the Law Poster; EEO Is Law Supplement; and Pay Transparency.

We want you to build your career at Sentar, so if you are an individual with a disability and require a reasonable workplace accommodation applying for a job or at any point in the employment process, contact the Recruiting Manager at recruiting@sentar.com. Please indicate the specifics of the assistance needed. Thank you for considering Sentar in your employment search.

Build, Innovate, Secure Your Career at Sentar.

Confirm your E-mail: Send Email
All Jobs from Sentar, Inc.