Cybersecurity Specialist (RMF)

We are seeking a Risk Management Framework (RMF) specialist to support the Assessment and Authorization process for the Military Health System’s Planning, Programming, Budgeting and Execution (PPBE) Tool (MP2BET). MP2BET facilitates data standardization, transparency and information sharing between PPBE throughout the Defense Health Program (DHP) enterprise.

Key Responsibilities:

• Demonstrate proficiency in the PPBE processes, guiding budgeting, and resource allocation effectively.
• Demonstrate technical proficiency in the risk management framework’s (RMF) practices, processes, and technologies to enable an organization to identify, assess, and analyze risk to manage risk.
• Experience in using the National Institute of Standards and Technology (NIST) Risk Management Framework’s seven steps: prepare, categorize, select, implement, assess, authorize and monitor.
• Experience in developing authorization packages; using the Plan of Action and Milestones; Risk Determination; Risk Response; Authorization Decision and Authorization Reporting.
• Work with the cybersecurity team to develop and maintain comprehensive security documentation required for ATO packages, including System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&M)

Qualifications:

• Three (3) to five (5) years of relevant experience in RMF
• Active secret security clearance 
• Bachelor’s degree in Computer Science, Information Security, or related field.
• Certification required: CompTIA Security+
• Strong technical background in network and operating system security.
• Experience in security documentation and vulnerability remediation.
• Experience with NIST 800-53.
• Excellent analytical, problem-solving, and communication skills.

Additional Requirements:

• Proven track record of meeting deadlines and efficiently managing security findings.
• Experience in a Federal IT security environment is highly desired.

EEO Employer F/M/Vet/Disabled