Join a growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in accrediting secure information systems to join a team of security professionals and help defend national security programs.

Clearance Requirement: Top Secret/SCI. Candidate must be willing to pass a counterintelligence (CI) polygraph.

This position requires full-time on-site support. This is not a remote position.

Position Description:

The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by information systems. Determine the overall control effectiveness through documentation review, inspections, testing, and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Assessments may include applications, hardware, software, Platform and Non-Platform IT systems. Provides support to Cybersecurity incidents, investigations, and overall security program of the customer. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

Specific responsibilities include:

  • Technical evaluation of the security controls implemented within applications, hardware, operating systems, and network devices across a broad spectrum of commercial and government-developed technologies.
  • Assessment package review and feedback which focuses on the Body of Evidence (BoE) documentation submitted to support the various steps of Risk Management Framework (RMF)
  • Analyze results from multiple cybersecurity products, such as vulnerability scanners, firewall, and intrusion detection/prevention systems to assist in risk determinations.
  • Advising the Authorizing Official (AO) on risk determinations and Approval to Operate.
  • Preparing Security Assessment Reports which focuses on the assessment of an information system in support of the authorization determination.
  • Interface with other cybersecurity organizations, both within and external to the federal government.
  • Support cybersecurity incident response as necessary at the direction of the AO.
  • propose technical and non-technical methods to meet RMF requirements and decrease overall system risk.
  • Enhance the cybersecurity program of the customer and its constituent organizations through technical thought leadership and mentoring of junior staff.
  • Remain current on latest cybersecurity technologies, threats, vulnerabilities, and mitigations.
  • Travel as necessary to support remote system accreditation events.
  • Serves as representative of AO when interacting with system owners, system integrators, and ISSOs.

Position Qualifications:

  • 5 or more years of experience in the validation of security configuration of operating systems.
  • 3 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
  • 8 years of overall information technology experience
  • Bachelor’s Degree from an Accredited University.
  • Thorough understanding of the Risk Management Framework, and how its controls, processes, and policies are applied within the U.N. National Security Community.
  • Experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIG) in multiple technology areas.

    Desired Qualifications:

    • Operating System/Computing Environment certificate for Windows Server 2012 or newer UNIX (Linux (Red Hat), Solaris).
    • Experience with vulnerability scanners.
    • Documented (certificate) RMF training provided by the Intelligence Community or DoD SAP community.
    • Experience as a System Administrator, Information System Security Manager, or Information System Security Officer.
    • Experience applying the requirements of the DoD Joint Special Access Program Implementation Guide (JSIG) to information systems or Cybersecurity programs.