Hybrid SSO/RMF A&A Support - ZTA at Nexthreat.com

Nexthreat.com · Washington, DC, United States of America · Hybrid

Job Title: SSO/RMF A&A Support
Location: Washington, DC
Time Type: Full-time 
Potential for Telework: Position eligible for telework upon approval; however, must be able to attend scheduled and as-needed unscheduled in-person GPO IT SEC meetings.
Minimum Clearance Required to Start: Candidates will be required to pass a GPO public trust background check ahead of onboarding.
Employee Type: W2 or 1099  
Citizenship: US Citizen, no Dual Citizenship

Position Overview:

NexThreat is seeking an experienced ISSO / RMF (Risk Management Framework) A&A (Assessment and Authorization) Support Specialist to support the Government Publishing Office's (GPO) IT Security division. The candidate will assist in developing, maintaining, and advancing the GPO’s Zero Trust Architecture (ZTA) by conducting comprehensive security assessments, system authorizations, and continuous monitoring activities in accordance with federal standards and EO 14028.

Key Responsibilities:

RMF Assessment & Authorization Support:
- Assist in conducting security assessments of GPO information systems for RMF compliance.
- Facilitate preparation, documentation, and execution of Security Authorization packages, including System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action and Milestones (POA&Ms).
- Support authorization activities, including the ongoing monitoring and authorization of systems within the GPO environment.

Security Framework & ZTA Development:
- Contribute to the development and maturation of the GPO’s Zero Trust Architecture, aligning security practices with EO 14028 requirements.
- Develop and recommend security controls and strategies to improve cyber hygiene and security posture.

Tool Support & Maintenance:
- Support operation, maintenance, and upgrades of key security and assessment tools, including but not limited to:
  - Microsoft Sentinel
  - Microsoft Azure
  - Microsoft Defender for Endpoint (DfE)
  - Xacta 360/IO
  - Zscaler
  - FedRAMP compliance tools
  - Cloudflare
  - NetWitness
  - Tenable IO
  - Nexpose
  - Armis
  - Trellix HX/CM
  - ServiceNow

Qualifications & Experience:

Education & Certifications:
- Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or related field (or equivalent experience).
- Relevant certifications preferred: CAP, CISSP-ISSAP, Security+, ISO certifications, or equivalent.

Experience:
- Minimum of 3 years’ experience with RMF, FISMA, and security assessment processes supporting government or enterprise systems in a GCC-H/GCC environment.
- Strong understanding of cybersecurity frameworks, NIST 800-53 controls, and federal compliance requirements.

Technical Skills:
- Hands-on experience with RMF assessment activities, including system categorization, control implementation, testing, and authorization.
- Proficiency with security tools listed above and integrating them within a security assessment and monitoring framework.
- Ability to analyze and interpret security data, prepare reports, and communicate findings effectively.