TIAG is now hiring a Risk Management Framework (RMF) SME to join our team full team in Port Hueneme, CA. This position will be on base at Port Hueneme and will move to hybrid, reporting onsite up to 3 days per week.
TIAG supports the NAVFAC Engineering and Expeditionary Warfare Center (EXWC) by providing cyber engineering and technology support services including Cybersecurity strategy, Technology development, Control System engineering, Cybersecurity evaluations, RMF processing, Test Bed management, Cyber Programmatic and Training Services in support of all NAVFAC personnel, stakeholders and users throughout the world.
As the Risk Management Framework (RMF) SME, you will provide support in operational, technical and process and author DoD IA Assessment and Accreditation (A&A) packages, to include development and analysis of required policies and other deliverables as required throughout RMF lifecycle. You possess an in-depth understanding and experience in the RMF Platform IT (PIT) and the implementation of Cyber Security and IA boundary defense techniques and various IA-enabled appliances. You will provide full RMF lifecycle support, including, but not limited to, assistance with system security categorization, system security control selection, tailoring, enhancement, compensation and supplementation, system security control assessments and implementation, artifacts, and continuous monitoring support.
Responsibilities Include

• Guides system owners through the RMF lifecycle of Operational Technology (OT) systems
• Determines the appropriate information types and identifies applicable security controls based on Confidentiality, Integrity, and Availability impact
• Assists architects and systems developers in the identification and implementation of appropriate information security control to ensure uniform application of security policy and enterprise solutions
• Validates and verifies system security requirements definitions and analysis to establish system security designs
• Authors or reviews assessment and authorization (A&A) artifacts, providing feedback on completeness and compliance of its content
• Assesses and mitigates system security threats/risks throughout the program life cycle
• Performs security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations
• Applies system security engineering expertise in one or more of the following: system security design process; engineering life cycle; information domain; cross domain solutions; commercial off-the-shelf and government off-the-shelf cryptography; identification; authentication; and authorization; system integration; risk management; intrusion detection; contingency planning; incident handling; configuration control; change management; auditing; certification and accreditation process; principles of IA (confidentiality, integrity, non-repudiation, availability, and access control); and security testing
• Analyzes and tests designated US Naval warfare system against known vulnerabilities based upon security approaches and known hacker techniques and exploits
• Researches, recommends and documents logical and physical solutions that prevent, detect and correct systems from being certified and accredited, applying DISA Security Technical Implementation Guides (STIGs) and NSA recommendations
• Identifies variances between as-built specifications, security requirements and DoD security policies and designs implementations to bring them into compliance
• Supports security authorization activities in compliance with DoD RMF process and other DoD and DoN policies and procedures
• Participates as a security engineering representative on engineering teams for the design, development, implementation and/or integration of secure networking, computing, and enclave environments
• Applies knowledge of cyber security policy, procedures, and workforce structure to design, develop, and implement secure networking, computing, and enclave environments
• Supports security planning, assessment, risk analysis, and risk management

Travel: Up to 20%
Required Experience

• DoD Secret Clearance
• Bachelor of Science (B.S.) in Information Technology, Cybersecurity, Engineering or similar preferred
• An Information Assurance certification in compliance with DoD 8570 (e.g. CISSP, NQV Level II, Level III Security ) (IAT Level II) is required
• 5 years of experience with the development, review and approval of Navy RMF A&A/DIACAP C&A packages for software systems and enclaves; Assured Compliance Assessment Solution (ACAS) experience desired
• Experience with ICS/SCADA systems
• Experience with DoD Enterprise Mission Assurance Support Services (eMASS) & Vulnerability Remediation Asset Manager (VRAM)
• Experience with IA / INFOSEC concepts and requirements: Firewall Policy, Ports & Protocols, Cybersecurity, Cybersafe, DoD A&A processes and standards, etc.
• Experience with the Defense Information Systems Agency published Security Technical Information Guidance (STIG) requirements and compliance process, SCAP Content Checker, Security Readiness Review (SRRs), and other DoD approved tools like Vulnerator
• Ability to manage time well to meet assigned milestones
• Strong communication skills; motivated to investigate, analyze, and document system issues and resolutions; provides consistent status updates to ensure IT security projects stay focused
• Strong work ethic and a proven professional - respectful, dependable, takes initiative and follows through

In California, the standard pay range for this role is $140,000- $160,000 annually. This range is specific to California and may not be applicable in other locations.
TIAG is an equal opportunity and affirmative action employer that does not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or protected veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. TIAG's policy applies to all terms and conditions of employment. To achieve our goal of equal opportunity, TIAG maintains an affirmative action plan through which it makes good faith efforts to recruit, hire, and advance in employment qualified minorities, women, individuals with disabilities, and protected veterans.