Security Control Assessor (SCA) - Top Secret clearance

Riptide Technology, Inc.

Posted today
Top Secret
$100,000 - $130,000
CI Polygraph
Security
Springfield, VA (On-Site/Office)

Riptide Technology is hiring a Security Control Assessor with an active TS/SCI clearance to support our government customer based in our Springfield, VA location. The position is required to be onsite. The position requires an active Top Secret/SCI clearance and the ability to obtain and maintain a Counterintelligence (CI) Polygraph.

The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system. The SCA will determine the overall control effectiveness through documentation review, inspections, testing, and interviews. The role will provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. The SCA will provide initial mitigation of Cybersecurity incidents, support incident investigations, and closure of the incidents. The position will provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

This position will serve as the Team Lead and is the primary interface with the government customer as well as being responsible for coordinating projects, deconflicting the team's activities, and mentoring/developing the team as needed.

Responsibilities:

    • Assessment of security controls and organizational requirements shall include:
        • Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF). Recommend a format for this document for government approval.
        • Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
        • Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
        • Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
        • Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities via a government agreed format, such as a Help Desk ticket application, electronic mail, memorandum, etc.
    • Shall develop an annual compilation of findings and observations based upon the Security Assessment Reports and Periodic Cybersecurity Assessment Reports or Security Compliance Reports based upon fiscal year assessments. The format shall be recommended for government approval. The compilation shall be void of system names, system identification numbers, government or contractor locations, and individual names.
    • Draft and/or preliminary documents shall be presented in one of the following electronic formats: Microsoft Office version 2007 compatible (.docx, .xlsx, or .pptx) or the standard Portable Document Format (PDF) format. Final and/or approved format shall be determined by the government; may recommend additional formats.
    • Incumbent travel requirements are approximately 30% annually to support critical business needs. Travel locations are CONUS and some OCONUS locations.


Qualifications:

    • Shall have 4 or more years of experience in the validation of security configuration of operating systems.
    • Shall have 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
    • Shall meet the Cyber IT/Cybersecurity Workforce (CSWF) Security Control Assessor (612); Intermediate Level for SECNAV M-5239.2 compliance. (See the Navy COOL website.)


Education and/or Certification

    • Education:
        • Bachelor's Degree in Information Technology, Cybersecurity, Computer Science, Information Systems, Data Science, or Software Engineering from an ABET accredited or NCAE designated institution; OR
    • Certifications:
        • Certified in Governance Risk and Compliance (CGRC); or
        • CompTIA Security+ ce; or
        • CompTIA Cloud+; or
        • CompTIA PenTest+; or
        • CompTIA SecurityX (formerly CASP+)


Travel Requirements:

    • Travel approximately 30% annually. Travel locations are CONUS and some OCONUS locations.


Security Clearance Requirements

    • The position requires U.S. Citizenship and an active DoD Top Secret with SCI clearance and the ability to obtain and maintain a Counterintelligence (CI) Polygraph.


Desired Requirements:

    • Strongly desired experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides.
    • Operating System/Computing Environment certificate for Windows Server 2012 or newer UNIX (Linux (Red Hat), Solaris).
    • Experience with vulnerability scanners.
    • Experience with Cloud technologies.
    • Documented (certificate) RMF training provided by the Intelligence Community or DoD SAP community.
    • Experience with assessing security relevant applications.
    • Experience as a System Administrator, Information System Security Manager, or Information System Security Officer.
    • Experience applying the requirements of the DoD Joint Special Access Program Implementation Guide (JSIG) to information systems or Cybersecurity programs.
    • A cyber credential at the Master proficiency level for specialty area Securely Provision - Risk Management as outlined in SECNAV M-5239.2.
    • Experience with Cross Domain Solutions (CDS).


$100,000 - $130,000 a year

401(k) company contribution equivalent to 10% of employee's salary, immediately 100% vested, no matching required. 100% company paid dental, vision, life, AD&D, and disability insurance. Employer-provided health insurance, employee and family coverage, 85% company paid. 6 weeks annual paid time off for holidays, vacation, and sick leave. 12 weeks paid family leave, 2-5 days bereavement leave, and 2 weeks Military Reserve Duty differential pay provided for qualifying events. Opportunities for annual performance-based bonuses.

Riptide Technology does not discriminate on the basis of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, or other non-merit-based factors.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.