Posted over 6 months ago
Dept of Homeland Security
Unspecified
Unspecified
Norfolk, VA (On-Site/Office)
Job Description
Tharros has an immediate opportunity to support the US Navy with operational test and evaluation support. The Security Control Assessor will conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. The Assessor shall provide cybersecurity support, analysis, documentation, and validation services for OPTEVFOR IT systems. The Assessor serves independently as a Navy Qualified Validator (NQV), performing validation activities under the RMF process using Navy Security Control Assessor-approved processes and applies knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture in accordance with the Risk Management Framework Process Guide series. The Assessor shall apply Navy Assessment & Authorization (A&A) guidance and policy to achieve/maintain program objectives on time/schedule, and guidance regarding vulnerability remediation and determination of risk posture.
Requirements
Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.
In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.
Tharros. See Everything. Secure Anything.
Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.
Tharros has an immediate opportunity to support the US Navy with operational test and evaluation support. The Security Control Assessor will conduct independent, comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls. The Assessor shall provide cybersecurity support, analysis, documentation, and validation services for OPTEVFOR IT systems. The Assessor serves independently as a Navy Qualified Validator (NQV), performing validation activities under the RMF process using Navy Security Control Assessor-approved processes and applies knowledge of DoD or DoN network architectures and policy toward assessment and identification of vulnerabilities as a means of improving operational security posture in accordance with the Risk Management Framework Process Guide series. The Assessor shall apply Navy Assessment & Authorization (A&A) guidance and policy to achieve/maintain program objectives on time/schedule, and guidance regarding vulnerability remediation and determination of risk posture.
- Responsible for conducting Validation and Risk Assessment (RA) activities in support of the customer (Validation Security Assessment Testing, System Risk Documentation, System Audits, Security Hardware and Software Testing).
- Responsible for creating and providing all RMF appropriate artifacts and documentation necessary to plan and execute a thorough test of systems, document the system risks and report on the identified risks as necessary.
- Develop and maintain System Security Plans (SSP), Contingency Plans, Privacy Impact Assessments, Certification Reports, Accreditation Reports, POA&Ms, and other A&A documentation.
- Initiate and prepare A&A RMF packages; ensure existing A&A packages are maintained in a compliant status; verify and validate A&A package requirements and configuration modifications are performed and tested.
- Actively work with the designated (OPTEVFOR) Information Systems Security Manager (ISSM) to provide final security assessment support and guidance.
- Required to conduct periodic auditing of RMF artifacts to ensure proper adherence to DoD instruction, Navy requirements, and the NIST Special Publication 800 series standards and industry best practices.
- Responsible for enhancing the overall quality of RMF packages for the purpose of receiving an ATO from the Navy Authorizing Official (NAO) or Authorizing Official Designated Representative (AODR).
- Required to engage with the system Information Systems Security Engineer (ISSE) and ISSE support staff throughout the RMF process.
- Responsible for validation events for all OPTEVFOR cyber OT&E infrastructure and toolset.
- Maintain thorough and current knowledge of RMF and A&A process and standards.
- Work closely with system owners, technical leads, cybersecurity staff, and other stakeholders to manage cybersecurity requirements.
- Integration and implementation of computer system security solutions.
- Execute and conduct analysis of network and system Assured Compliance Assessment Solution (ACAS) vulnerability scans (or other DoD-approved tools) to validate appropriate implementation of security controls in accordance with NIST, DoD and DoN publications.
- Coordinate technical meetings, prioritize topics, and identify objectives in support of package development.
- Exercise strong customer service and excellent communication skills in a fast-paced environment.
- Adhere to guidance outlined in RMF Process Guide.
Requirements
- Minimum 8 years' experience as an NQV.
- Proficiency in Enterprise Mission Assurance Support Service (eMASS) and DoD Application and Database Management System (DADMS), along with a thorough understanding of National Institute of Standards and Technology (NIST) controls.
- Proficient in Microsoft Office Suite to include Teams or similar workplace chat and videoconferencing tools.
- Excellent written and verbal communication skills.
Summary
Tharros combines extensive cyber defense knowledge with the world's preeminent vulnerability expertise to identify and defend against attacks before they become problems. Working at mission speed, we harden mission systems faster and secure them for longer, so agencies never lose the mission edge. Tharros lifts the veil of enterprise cybersecurity to detect zero days before they affect you, enabling mission maneuverability and the confidence to move missions forward.
In the ever-evolving realm of cyberspace, we are dedicated to becoming the paramount defender in the 5th warfighting domain. By pioneering innovative security solutions and fostering an environment of continuous learning and vigilance, we aim to protect the interests of our nation's security. Our commitment to excellence in cybersecurity will establish new benchmarks, transforming the digital landscape into a secure and thriving frontier for future generations.
Tharros. See Everything. Secure Anything.
Tharros is committed to hiring and retaining a diverse workforce. We are proud to be an Equal Opportunity/Affirmative Action Employer and make employment decisions without regard to race, color, religion, creed, sex, sexual orientation, gender identity, marital status, national origin, age, veteran status, disability, or any other protected status.
group id: 10518809
N
