Posted today
Secret
Early Career (2+ yrs experience)
Unspecified
IT - Security
Edwards, CA (Off-Site/Hybrid)•Moffett Field, CA (Off-Site/Hybrid)
We are actively seeking a dynamic and experienced Security Control Assessor to join our team with a focus on program-scale assessments.
This role involves working within a highly visible, large-scale program that oversees hundreds of unique IT systems. The selected candidate will play a crucial role in the annual assessment of these systems over the next 2+ years, using a streamlined approach that moves directly from one assessment to the next. Assessments are scheduled at a cadence of approximately one every six weeks.
Responsibilities:
Conduct independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited for traditional information technology (IT), operational technology (OT), and mission systems to determine the overall effectiveness of the controls (as defined in NIST SP 800 Series)
Perform security assessment duties including:
Create a pre-assessment verification checklist and submit to ISO
Provide verification that System Security Plans (SSPs) to be assessed and audited are ready for an assessment via use of an Agency approved tool
Create security assessment plan prior to scheduling assessment
Submit security assessment plan to Information System Owner (ISO) for approval
Schedule assessments
Conduct technical and non-technical security assessments
Create Security Assessment Report (SAR) using agreed upon format
Schedule and perform system assessment out-brief with ISO
Attend Authorization To Operate (ATO) brief with Authorizing Official (to be scheduled by ISO)
Upload all security assessment documentation in the Agency approved tool
Address any concerns or questions that may be raised by the customer relating to assessments
Respond to data calls and review policies for applicability to an assessment as requested by the customer
Create and adhere to assessment Standard Operating Procedures (SOPs) and standardized templates for all tasks agreed upon with the EAS Technical Point of Contact (TPOC) or designee
Work collaboratively with cross-functional teams to gather necessary information for assessments
Ensure timely and accurate reporting of assessment results, vulnerabilities, and compliance status
Collaborate with stakeholders to develop and implement corrective action plans based on assessment findings
Provide expertise in scaling security measures to meet the unique requirements of diverse IT systems
Maintain awareness of emerging threats and industry best practices to continually enhance assessment methodologies
Operate effectively in a fast-paced environment, demonstrating the ability to be proactive and adaptive
Act as a client-facing representative of the organization, engaging with clients professionally and effectively
Qualifications:
Minimum of 2 years of hands-on experience in Security Control Assessments.
Proven ability to handle a high volume of assessments, with a focus on program-scale operations.
In-depth knowledge of NIST SP 800-53 (security and privacy controls) and NIST SP 800-30 (risk assessment)
Demonstrated proficiency in cloud platforms, with a preference for Google Cloud Platform (GCP). Familiarity with Azure or AWS is also acceptable.
Strong expertise in Linux systems and the ability to apply security measures across a diverse range of IT systems.
Experience in assessing non-traditional IT systems, particularly in a program-scale context.
Excellent organizational skills and the ability to manage a rotating schedule of assessments.
Effective communication skills to convey complex security concepts to various stakeholders.
U.S. Citizenship and an Active Secret clearance are mandatory for successful candidates.
Availability for remote work with occasional travel required, approximately once every 6 weeks.
group id: 91121246