Delaware Nation Industries/Unami works with the Oklahoma City Air Logistics Complex (OC-ALC) located at Tinker AFB, OK to provide on-site cybersecurity support services to maintain an Authority to Operate (ATO) for all OC-ALC systems, applications, and networks using the NIST Risk Management Framework (RMF) per DoDI 8510.01, Risk Management Framework (RMF) for DoD Information and AFI 17-101, Risk Management Framework (RMF) for Air Force Information Technology.

Ability to obtain a security clearance is REQUIRED.

A Security+ Certification is REQUIRED.

This position is 100% onsite.

• Document and maintain controls, appendices, and document attachments under NIST SP 800-53 Rev. 4 & 5 for all DSS and IDM systems and sub-systems
• Document and maintain inheritable common controls catalog for to document controls offered to applications or systems hosted on multi-cloud platform
• Ensure common controls are available for all hosted systems to inherit and maintain
• Assist in the development and maintenance of System Security Plans (SSP) and security controls assessments, and organizational policy
• Update the SSP and server documentation and provide the ISSO to update security artifacts and the baseline documents
• Update POA&Ms throughout the POA&M lifecycle till closure for all system controls.
• Provides high-level functional systems analysis, design, integration, documentation, and implementation advice on moderately complex cybersecurity problems that require an appropriate level of knowledge of the subject matter for effective implementation
• Serves as the IT security POC for assigned systems to ensure information systems comply with applicable policies
• Ensures security activities are implemented throughout the entire SDLC, including during system changes and modifications
• Provides audit support by developing the appropriate responses to audit questionnaires and remediation recommendations of audit report findings.
• Coordinates with appropriate stakeholders and system owners to ensure all NIST 800-53 controls are properly implemented and assessed during the steps of the ATO lifecycle
• Ability to conduct an analysis of the NIST SP 800-53 rev. 5 controls and identify controls that can be automated
• Ensures all systems are operated, maintained, and disposed of IAW documented security policies and procedures, including but not limited to Assessment & Authorization (A&A).
• Supports the development and maintenance of all security documentation such as the System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, Contingency Plan Testing, POA&Ms, and incident reports.

• At least 2+ years of related experience
• Detailed knowledge of NIST SP 800-53 Rev. 4 & 5, Security Policies, NIST Risk Management Framework, Security Planning and Architecture, FISMA Compliance, Incident Analysis, and General Security Best Practices
• Knowledge of FedRAMP and FISMA regulatory compliance requirements
• Deep knowledge of the information security principles
• Experience developing Information Security policies and procedures
• Experience performing A&As and supporting the Risk Management Framework lifecycle
• Ability to communicate, both written and orally, to both technical and non-technical stakeholders
• Strong written and oral communication skills to interact with senior managers, junior staff, and business unit (non-technical) customer

AAP/EEO Statement:

DNI complies with all federal, state and local laws designed to protect employees and job applicants from discrimination based on race, religion, color, sex, parental status, national origin, age, disability, genetic information, military service, or other non-merit-based factors.

Other Duties:

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.