Job Requirements
Fort Meade, MD
Secret Polygraph not specified
Early Career (2+ yrs experience)
$50,000 - $65,000
Job Description
August Schell is looking for a Security Control Assessor, Junior to join our team in support of a cybersecurity risk management and assessment program with our DoD customer. The Assessors will be part of a project team responsible for Cybersecurity Assessments and Authorization (A&A), Risk Management, Information Assurance (IA) Support, and Risk Adjudication and Connection services.
Individuals in this role must be able and willing to travel extensively, approximately 65-75%.
Responsibilities Include:
Conduct cybersecurity assessments, audits, and inspections for DoD organizations and partners handling DoD information or connecting to the DoDIN.
Evaluate systems and Defensive Cyberspace Operations using cyber threat emulation and performance-based testing.
Adhere to policies and processes for each assessment type.
Support assessment development and execution to ensure security expertise is properly applied.
Coordinate logistics, test plans, and scope with the SCA Team Lead.
Perform vulnerability assessments, capture results using STIG Viewer or designated tools, and document findings in eMASS.
Analyze security gaps and provide mitigation recommendations.
Validate cybersecurity controls, TTPs, STIGs, RMF controls, and compliance with DoD policies and guidelines.
Provide risk analysis and assessment results for authorization recommendations.
Participate in daily assessment reviews, in-briefs, and out-briefs, sharing findings with the SCA-R.
Requirements:
Bachelor's degree (IT-related field preferred)
Three (3) years of overall experience in a DoD or Federal IT environment
Must have experience in at least 3 of the following technology areas: Network, Windows, Unix, End Point Security, Cloud, Application, SQL, Oracle, ACAS, Traditional, RMF
Have an active Secret with a willingness to upgrade to DoD Top Secret with SCI eligibility
DoD 8570 IAM/IA Technical (IAT) Level II certification
Familiarity with STIGs (Security Technical Implementation Guides), Security Requirement Guides (SRGs), Plan of Action and Milestones (POA&Ms) and cybersecurity best practices
Understanding of the RMF process, NIST SP 800-37, NIST SP 800-53, CNSSI 1253
Familiarity with relevant tools such as eMASS, STIG Viewer, Nessus, ACAS, SCAP, or HBSS
Strong written and verbal communication skills for reporting assessment findings.
group id: RTL73977