By Light Professional IT Services (By Light) are leading providers of innovative Information Technology (IT) services and communications support to the Department of Defense and Federal Agencies. By Light is looking for personnel to support the U.S Army Installation and Management Command (IMCOM) at Joint Base San Antonio Fort Sam Houston (JBSA), Texas with Information Technology (IT) Risk Management Framework (RMF) support. Support includes IT engineering services in support of the Family, Morale, Welfare and Recreation (FMWR) mission to support the Soldiers and Families at over 80 garrisons and 1,500 MWR facilities throughout the Army. Support consists of design, test, migration, operations, management, evaluation, authorization, scanning, updating, and reporting requirements as it relates to the Risk Management Framework and IMCOM IT systems.

• Identify, develop, create, and assist in sustaining documentation such as System Security Plans, checklists, standard operating procedures.
• Supports the technical managers, system owners, and program managers in identifying and selecting the specific security controls for their systems.
• Incorporate performance management to help drive accountability for RMF that will benefit the customer’s cybersecurity requirements.
• Provide insight to identify trends, forecast needs, and meet assessment and authorization goals.
• Process systems for authorization using RMF process in accordance with Federal Information Processing Standard (FIPS) Publication 199 and 200, National Institute of Standards and Technology (NIST) Special Publications 800-53, 800-59, 800-60, 800-137, and other DoD and Army regulations/guidance as required.
• Translate security policies, implementation guidance, and requirements into cybersecurity engineering implementation and develop solutions for the customer’s systems.
• Provide professional technical engineering services as they relate to the customer’s IT systems.
• Serve as a project manager and/or provide expert consultation on complex projects (such as cloud computing environments, cloud migration), being considered a top-level subject matter expert on related technologies who relies on experience and expert judgement to accomplish project goals.
• Deliver senior technical expertise in support of cybersecurity and RMF requirements.
• Implement and enforce doctrine (such as security policies, security plans for control objectives across the customer’s organization.
• Analyze network / system / process / IT service performance data and provide ad hoc and periodic reporting to the relevant stakeholders.
• Provide proactive input to internal project teams consisting of both system users and IT resources as well as functional proponents and Army communities to ensure effective use of IT solutions, tools, and processes.
• Collaborate with technical managers, system owners, and program managers in identifying mitigation strategies, remediation actions and highlighting recommendation approaches in Plan of Action & Milestone development.
• Performs other cyber security tasks as required.

• Senior Level: Master’s degree in computer science, engineering, or relevant degree. In Lieu of a master’s degree will have a bachelor’s degree and four (4) years of relevant experience.
• Intermediate Level: Bachelor’s degree in computer science, engineering, or relevant degree. In Lieu of a bachelor’s degree will have an associate degree and four (4) years of relevant experience.
• Certification: Required at Contract Start. IAT Level III Certified Information Systems Security Professional (CISSP).
• Has extensive knowledge of policies, directives, and regulatory guidance in the Cybersecurity field.
• Minimum of five (5) years RMF experience in a complex network and systems environment consisting of a large diverse population of users, computers, applications, and technologies.
• Have RMF understanding and knowledge of many of the following technologies:
  • Event logging and analysis for a Defensive Cyber Infrastructure.
  • Cloud Computing Environments and service providers (e.g., Amazon Web Services, Azure) coupled with authorization processes.
  • Overarching Cyber Forensic analytics capabilities.
  • DoD Public Key Infrastructure for the commercial environment.
  • Hardware devices such as servers, desktops, laptops (Windows, Apple, Android).
  • Cloud technologies such as enterprise cloud computing (EC2) instances, Simple Service Storage, and containers.
• Has in in-depth knowledge of the seven steps associated with the RMF and Federal Information Systems Modernization Act (FISMA).
• Fully trained or experienced using RMF workflow tools (e.g., Enterprise Mission Assurance Support Service (eMASS).

• Has the communication skills to effectively interface with senior military officials, managers, and subordinates.

• Eligibility to obtain Secret Clearance.