Security Control Assessor

McLean, VA

Job ID: 123773 Industry: Government

SECURITY CONTROL ASSESSOR/TESTER

Candidate MUST HAVE a TS/SCI with a polygraph security clearance in order to be considered.

Program Description:

Our client’s program provides Mission Support Services to this Intelligence Customer. As part of this effort, they are looking for an Information System Security Manager. The ISSM will provide advice/guidance to the Sponsor on the implementation of security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information, and on Certification & Accreditation (C&A) deliverables/process.

Day to Day Responsibilities:
  • 10 plus years as an SCA and at least a couple of years doing assessments in the Amazon Cloud environment.
  • Working knowledge of security vulnerability testing tools: Nessus, AppDetective, WebInspect, NMAP, & self-scans.
  • Experience with doing assessments (testing) in the Cloud (AWS/C2S/Cloud Experience).
  • Working knowledge of systems and network designs
  • Should have familiarization with Security Categorization and Control Selection
  • Prepares, maintains, and implements an SSP that accurately reflects the security protection measures for each classified information system for which he or she is responsible.
  • Provide written recommendations, in sufficient detail to permit the Information Systems Security Manager (ISSM) to make an informed, independent decision to grant and/or disapprove System Security Plans submitted for review.
  • Works closely with the System Administrator to maintain the system's security and accreditation status.
  • Ensures implementation of these security measures by conducting security reviews of system tests (self-scans).
  • Verifies users' access requests are approved; controls users' access.
  • Ensures users are instructed on the appropriate use of computer systems.
  • Provide direct customer support for knowledge-based implementation of security features on laptops, workstations, servers, and network components as required.
  • Implements site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing classified information.
  • Should have a thorough understanding of the federal rules and regulations that encompass the SCI and collateral security process.
  • Security Categorization and Control Selection For National Security Systems (CNSS Instruction No. 1253), dated March 2014
  • ICD 503 Intelligence Community Information Technology Systems Security: Risk Management, Certification and Accreditation, September 15, 2008

Required:
  • 10 plus years as an SCA
  • AWS Cloud
  • ICD 503 and Risk Management Framework experience
  • Authorization and Accreditation
  • Security Control Assessment Testing and Penetration Testing

Desired:
  • CISSP

Job Type: Full Time
