Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Cybersecurity Security Control Assessor (SCA) for a Department of Defense customer. This high-profile contract will assist the DoD with the oversight and management of information technology projects to integrate critical Enterprise services. The ideal candidate will bring excellent cybersecurity and information assurance knowledge to the program coupled with strong communication skills. Candidates must possess thorough understanding of Windows operating systems, cloud technologies, and contemporary networking.
Clearance Required: Top Secret / SCI
- Provide thought leadership and mentoring in the area secure system implementation and protection.
- Conduct thorough cybersecurity evaluations of national security networks and systems using the Risk Management Framework (RMF) control families.
- Provide leadership with authorization recommendations based on findings.
- Document the results of field inspections and tests.
- Prepare system implementers for successful assessments through coordination and advisement.
- Research evaluate new security technologies and countermeasures
- Assist in the oversight of remedial plan of actions and milestones (POA&M) with system implementers.
- Conduct vulnerability analysis and penetration testing as necessary.
- Moderate travel within the continental United States in support of A&A
- Candidates must have extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features across a broad range of technologies.
- Must have extensive experience conducting security testing and providing accreditation recommendations to decision authorities.
- A background and experience with NIST SP800-53, CNSSI 1253, DCID 6/3, JSIG, and/or ICD 503. Knowledge of current authorization practices, particularly within the DoD and IC is a must.
- Must have extensive direct experience with the policies, processes, and methodologies in the application of the Risk Management Framework
- Must have demonstrated knowledge of host and network access control and auditing technologies and methods.
- Must have an understanding of incident response, configuration management, and defense in depth best practices.
- Knowledge of network protocols including TCP/IP, DNS, DHCP, ICMP, etc.
- Understanding of cloud computing technologies a significant plus.
- Strong understanding of both technical and non-technical RMF controls.
- Must have an active TS/SCI clearance with the U.S. Federal Government.