Cyber Risk Management Specialist at Steampunk, Inc.

• Job Location McLean, VA
• Seniority Mid-Senior Level
• Type Full-time

Description

The Cyber Risk Management Specialist (CRMS) will specialize in in-depth knowledge of the program's cyber security hygiene, DevSecOps, Risk Management Framework (RMF), Assessment and Authorization (A&A), Federal Risk and Authorization Management Program (FedRAMP) compliance, continuous ATO (cATO) and continuous monitoring.

A solid grasp on confidentiality, integrity, and availability (CIA) security concepts is required.

The candidate will be responsible for the technical implementation and enforcement of security hardening, vulnerability management, scan analysis, data analysis for metrics reporting, cloud environments, compliance with Federal regulation and policy, and commercial best practices relating to cyber security.

The candidate must have the ability to be flexible and adaptive to a fast-paced, fluid business environment.

Contributions The role requires strong procedural knowledge of NIST SP 800-37 Risk Management Framework (RMF) for Information Systems and Organization, NIST SP 800-53 Security and Privacy Controls for Information Systems and Organizations, NIST SP 800-137 Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations, FedRAMP requirements, cloud environments, cloud cybersecurity architecture, compliance with Federal regulation and policy, and commercial best practices relating to cloud security.

The CRMS is expected to efficiently learn and adapt to rapidly changing federal governance frameworks and standards of practice, to include risk treatments for modern and emerging technologies (e,g, AI, blockchain, microservices).

The Cyber Risk Management Specialist performs a range of functions before, during, and after an authorization is granted: Integrate security into DevOps effectively at every stage of the software development life cycle (SDLC).

Identify security holes and potential breaches, work through multifaceted security issues, and create effective solutions based on understanding of risk posture and treatments.