By Light Professional IT Services LLC readies warfighters and federal agencies with technology and systems engineered to connect, protect, and prepare individuals and teams for whatever comes next. Headquartered in McLean, VA, By Light supports defense, civilian, and commercial IT customers worldwide.

• Provide technical leadership and support to the bureau’s RMF 4 Independent Assessment Team, which is responsible for conducting RMF step 4 activities for various information systems. These activities include, but are not limited to, the production of high-quality deliverables such as:
• Security Assessment Plans (SAP)
• Vulnerability scan reports
• Security Control Test Steps
• Vulnerability and Compliance Findings
• Security Assessment Reports (SAR)
• Responsible for managing, tracking, and reporting of the RMF 4 activities conducted by the RMF 4 team for each FISMA reportable system.
• Responsible for managing the bureau’s Tenable team to support ongoing operations as well as the deployment of the Tenable High Availability infrastructure.
• Responsible for ensuring that all system deliverables comply with Information Assurance policy, specifically NIST 800-53, Information Assurance Implementation.
• Duties will include (but are not limited to):
• Based on OMB, NIST, and client specific guidance, process and related documentation, the team will develop and submit Security Authorization Packages.
• Brief assessment findings with system owners and ISSOs. At that time, the system owner will have a chance to discuss findings for clarification and/or correction.
• Make recommendations to correct RMF documentation and process deficiencies discovered while conducting reviews of completed or closed POA&Ms and RMF Packages.
• Assess vulnerabilities of the client systems.
• Ensure that the implementation of security designs properly mitigate identified threats and reduce risk.
• Provide input to Assessment Process activities and assist in updating/creating relevant SOP's.

• Bachelor’s degree and 7-10 years of experience in the Assessment & Authorization (A&A) process and the Risk Management Framework (RMF)  or equivalent experience in lieu of a degree.
• 5+ years of experience managing a team.
• Certified Information Systems Security Professional (CISSP) or ability to obtain within 9 months; or Certified in Governance, Risk, and Compliance (CGRC) or ability to obtain within 6 months.
• Operational knowledge of Tenable Manager and Tenable.SC.
• Ability to manage and mentor an assessment team.
• Exceptional verbal and written communication skills including briefings and debriefings of client personnel including Information System Security Officers (ISSO), System Owners, and Chief Information Security Officer (CISO)
• Thorough knowledge of, and experience with, the NIST 800 series publications to include: 800-30, 800-37, 800-53, 800-53a, and 800-53b.
• Previous experience creating all necessary RMF step 4 Assessment and Authorization documentation. Experience should clearly be defined in resume.
• Ability to manage team members handling authorization packages for multiple systems of different size and complexity. Experience should be outlined in resume.
• Experience conducting security scans and developing findings
• Less than 10% travel to local customer sites in Washington DC for Customer Meetings

• Proficiency evaluating and analyzing results from the following set of tools, to include but not limited to: Nessus Pro, Nessus Manager, Tenable Security Center (Tenable.SC), and Oracle databases.
• Admin level background in Linux operating systems.

• Clearance Level SECRET (Required to Start)