Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security systems.

Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Cybersecurity Security Control Assessor (SCA) for a Department of Defense customer. This high-profile contract will assist the DoD with the oversight and management of information technology projects to integrate critical Enterprise services. The ideal candidate will bring excellent cybersecurity and information assurance knowledge to the program coupled with strong Linux technical skills. Candidates must possess thorough understanding of Linux operating systems, security technologies, and contemporary networking.

Clearance Required: Top Secret / SCI

Position Description:

The Senior Cybersecurity Analyst and Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system. Determine the overall control effectiveness through documentation review, inspections, testing and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Provide initial mitigation of Cybersecurity incidents, support incident investigations, and closure of the incident. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

General activities:

  • Improves operations by conducting functional and systems analyses and recommending changes in policies and procedures.
  • Scrutinizes builds of secure infrastructures to ensure best practices are followed in using the latest networking, virtualization, automation, and configuration management tools.
  • Works with the customer to identify and implement security requirements, security best practices, and security controls.
  • Partners with the customer to develop and implement strategic security initiatives
  • Assist in security investigations and responses as necessary
  • Provide cyber security technical expertise and analysis for new technologies and configurations.

Specific assessment of security controls and organizational requirements shall include:

  • Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF).
  • Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination.
  • Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location.
  • Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents.
  • Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities via a government specified format.


Requirements:

  • 4 or more years of experience in the validation of security configuration of operating systems.
  • 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
  • Bachelor’s Degree from an Accredited University.
  • Candidates must have extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features across a broad range of technologies.
  • Must have extensive experience conducting security testing and providing accreditation recommendations to decision authorities.
  • A background and experience with NIST SP800-53, CNSSI 1253, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC is a must.
  • Must have extensive direct experience with the policies, processes, and methodologies in the application of the Risk Management Framework
  • Must have demonstrated knowledge of host and network access control and auditing technologies and methods.
  • Must have a strong understanding of Unix-based operating systems such as Solaris, BSD, and Linux.
  • Knowledge of network protocols including TCP/IP, DNS, DHCP, ICMP, etc.
  • Understanding of cloud computing technologies a significant plus.
  • Strong understanding of both technical and non-technical RMF controls.
  • Must have an active TS/SCI clearance with the U.S. Federal Government.

https:www.tau-six.com