Job Requirements
Chantilly, VA
Top Secret/SCI Polygraph
Career Level not specified
Salary not specified
Job Description
Overview
VTG seeks to hire a Security Control Assessor (SCA) to provide information security Assessment and Authorization (A&A) support throughout the program lifecycle. The SCA conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls at contractor or government facilities.
What will you do?
Responsibilities
- Collaborate with system stakeholders and teammates to enhance system security
- Communicate effectively with all security stakeholders
- Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level
- Draft statements of preliminary or residual security risks for system operation (System Assessment Reports)
- Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements
- Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations
Do you have what it takes?
Requirements
- Clearance: Active TS/SCI with Polygraph
- Knowledge of and experience with ICD 503, NIST SP 800-37, and the Security Assessment and Authorization process
- Knowledge of the NIST SP 800-53 Controls and the SP 800-53A Assessment methodologies and procedures
- Willing to travel 25% of the time to support testing events, both locally and via commercial air; travel can include overnight stays
- Currently hold or obtain and maintain DoD 8570 IAM Level II certification within 6 months of starting the position
- Bachelor's degree + 5 years of experience OR High School or Associate's degree + 7 years of experience OR Master's degree or higher + 3 years of experience (Education and experience should be relevant to computer engineering, information security, cyber security, information management, and/or computer science, and experience with technical project management and performing Accreditation testing)
Basic Qualifications
- Familiarity with IA concepts
- Ability to review and recommend vulnerability and risk levels associated with software and hardware products
- Ability to provide basic IA support to SCA Level 2 - 4 personnel in the conduct of assessment actions
- Practical experience performing information systems A&A as defined in applicable ICDs and guidance
- Practical experience developing and implementing security related directives and guidance for IA/IT/IM
- Practical experience utilizing risk management strategies for information technology solutions
- Understanding of emerging technologies and their implementation within Government system and network environments
- Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems
- Understanding of information technology systems, software, and networks
- Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements
- Effective technical report and general correspondence writing ability
Desired Qualifications
- Ability to manage and track systems or programs involved in the A&A process
- Experience developing and implementing security related directives and guidance for IA/IT/IM
- Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs
- ISC2 Certified Authorization Professional (CAP) / Certified in Governance, Risk and Compliance (CGRC)
group id: RTL806649