Today
Top Secret/SCI
Unspecified
Unspecified
Security
Washington, DC (On-Site/Office)
Junior Security Control Assessor
Location: Washington, DC
Clearance: TS/SCI
Summary:
Our client is currently hiring a Junior Security Control Assessor II for our customer - the Department of Homeland Security (DHS). The position is in the Washington, DC area and is an on-site position. The Security Control Assessor (SCA) is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The Security Control Assessor shall provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities. The SCA shall conduct analysis of information system security controls, information systems and applications for weaknesses, and documents recommendations addressing security measures to protect information against loss of confidentiality, integrity and/or availability.
Qualifications:
Clearance Required: Must have active TS Clearance with SCI eligibility and have the ability to acquire DHS Suitability.
Duties and Responsibilities:
Location: Washington, DC
Clearance: TS/SCI
Summary:
Our client is currently hiring a Junior Security Control Assessor II for our customer - the Department of Homeland Security (DHS). The position is in the Washington, DC area and is an on-site position. The Security Control Assessor (SCA) is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The Security Control Assessor shall provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities. The SCA shall conduct analysis of information system security controls, information systems and applications for weaknesses, and documents recommendations addressing security measures to protect information against loss of confidentiality, integrity and/or availability.
Qualifications:
- Degree in Computer Science or related discipline from an accredited college or University required or the equivalent (7 years') combination of education, professional training, or work experience.
- At least one of the following certifications: Security+, CAP, CASP, GSLC, CISM, CISSP
- Possess 5+ years of experience conducting security control assessment of all NIST 800-53 controls.
- Possess 1+ years' DevOps experience.
- Possess 1+ years' of assessing commercial cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
- Technical understanding (understand network diagrams, vulnerability, and compliance scans).
- Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables.
- Familiarity with a variety of the IT technologies, architecture, concepts, best practices, and procedures.
- Strong attention to detail, ability to interface with all levels of personnel (system administrators, ISSM, Authorizing Officials, etc.).
- Experience creating and maintaining various security documents such as the Security Assessment Plan.
- Knowledge of NIST 800-53 security controls and required documentation.
- Experience with Tenable and Security Technical Implementation Guides (STIGs).
- Excellent Communication skills (written and oral).
Clearance Required: Must have active TS Clearance with SCI eligibility and have the ability to acquire DHS Suitability.
Duties and Responsibilities:
- Perform assessment of information systems, based upon the Risk Management Framework (RMF).
- Evaluate Authorization packages and make authorization recommendations.
- Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required.
- Advise the Information System Security Officer (ISSO) concerning the impact levels for confidentiality, integrity, and availability for information on a system.
- Review and approve the IS Security Control Assessment Procedures, the Security Assessment Plan (SAP), the System Security Plan (SSP), and the Security Control Traceability Matrix (SCTM).
- Perform configuration management of a client central repository for authorization documentation (i.e., Body of Evidence (BOE)), which is maintained using an Assessment and Authorization (A&A) workflow software application.
- Review and compile the BOE (i.e., security control allocations, security control implementations, test results, Security Assessment Reports (SARs), Plan of Action and Milestones (POA&M), risk acceptance recommendations, and risk mitigation strategies) to support the recommendation for client risk acceptance authorization decisions.
- Perform vulnerability and compliance scans using approved enterprise scan solutions such as Tenable to validate status.
group id: 10364120
