Join a growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in accrediting secure information systems to join a team of security professionals and help defend national security programs.
Clearance Requirement: Top Secret/SCI. Candidate must be willing to pass a counterintelligence (CI) polygraph.
This position requires full-time on-site support. This is not a remote position.
The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by information systems. Determine the overall control effectiveness through documentation review, inspections, testing, and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Assessments may include applications, hardware, software, Platform and Non-Platform IT systems. Provides support to Cybersecurity incidents, investigations, and overall security program of the customer. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.
Specific responsibilities include:
- Technical evaluation of the security controls implemented within applications, hardware, operating systems, and network devices across a broad spectrum of commercial and government-developed technologies.
- Assessment package review and feedback which focuses on the Body of Evidence (BoE) documentation submitted to support the various steps of Risk Management Framework (RMF)
- Analyze results from multiple cybersecurity products, such as vulnerability scanners, firewall, and intrusion detection/prevention systems to assist in risk determinations.
- Advising the Authorizing Official (AO) on risk determinations and Approval to Operate.
- Preparing Security Assessment Reports which focuses on the assessment of an information system in support of the authorization determination.
- Interface with other cybersecurity organizations, both within and external to the federal government.
- Support cybersecurity incident response as necessary at the direction of the AO.