Job Requirements
Fort Belvoir, VA
Top Secret; Polygraph not specified
Mid Level Career (5+ yrs experience)
Salary not specified
Job Description
Job Title: Security Control Assessor
Location: Fort Belvoir, VA 22060
Duration: Long-term
Certification: IAT Level III
Clearance: Active Top Secret Clearance
The Contractor shall provide RMF Assessment and Authorization (A&A) or Assess Only services on multiple security domains and classifications. Specifically, the Contractor shall provide:
• Army A&A or Assess Only services as a Security Control Assessor – Validator (SCA-V) IAW Army cybersecurity policies.
• At a minimum, the Contractor shall have knowledge and experience with Windows Server and Workstation, Architecture and Active Directory, Linux/Unix OS, cloud technologies, network architecture, databases, coding principles, eMASS, vulnerability management tools, virtual environments, containerization technologies/platforms, DevSecOps principles, and code scanning tools.
• The Contractor shall follow the NETCOM SCA TTP and applicable guidance to measure risk, compliance, and assurance, and shall implement an independent cybersecurity auditing process for application software/networks/systems, perform validation steps, compare actual results with expected results, and analyze the differences to identify impact and risks.
The Contractor shall:
• Receive and complete a comprehensive assessment of A&A or Assess Only eMASS packages.
• Assist the A&A or Assess Only activity and ensure that a thorough validation occurs on all elements and security controls within eMASS.
• Complete the eMASS with the results from the assessment for each security control. [NOTE: The results shall include sufficient detail to identify the compliance or non-compliance of the security control.]
• Complete the Risk Assessment Report (RAR) eMASS module for each non-compliant security control.
The Contractor shall have knowledge and experience with:
• A&A and Assess Only processes.
• Risk management processes.
• The current concepts and capabilities of cyber defense and vulnerability assessment tools, including open-source tools, and their capabilities.
• Known vulnerabilities from alerts, advisories, and bulletins.
• The Contractor shall employ automated tools, including ACAS and software scanning tools such as Fortify, SonarQube, and Twistlock, to evaluate a system’s security status and compliance with DISA STIGs in containerized and virtual environments. The Contractor shall also be able to evaluate systems for which these tools are not available, such as emerging Cloud and Tactical systems.