Security Control Assessor
SECURITY CONTROL ASSESSOR/TESTER
Candidate MUST HAVE a TS/SCI with a polygraph security clearance in order to be considered.
Our client’s program provides Mission Support Services to this Intelligence Customer. As part of this effort, they are looking for an Information System Security Manager. The ISSM will provide advice/guidance to Sponsor on the implementation of security measures for information systems to regulate access to computer data files and prevent unauthorized modification, destruction, or disclosure of information, and on Certification & Accreditation (C&A) deliverables/process.
Day to Day Responsibilities:
- 10 plus years as a SCA and at least a couple years doing assessments in the Amazon Cloud environment.
- Working knowledge of security vulnerability testing tools: Nessus, AppDetective, WebInspect, NMAP, & self-scans.
- Experience with doing assessments (testing) in the Cloud (AWS/C2S/Cloud Experience).
- Working knowledge of systems and network designs
- Should have familiarization with Security Categorization and Control Selection
- Prepares, maintains, and implements an SSP that accurately reflects the security protection measures for each classified information system for which he or she is responsible.
- Provide written recommendations, in sufficient detail to permit the Information Systems Security Manager (ISSM) to make an informed, independent decision to grant and/or disapprove System Security Plans submitted for review.
- Works closely with the System Administrator to maintain the system's security and accreditation status.
- Ensures implementation of these security measures by conducting security reviews of system tests (self-scans).
- Verifies users' access requests are approved; controls users' access.
- Ensures users are instructed on the appropriate use of computer systems.
- Provide direct customer support for knowledge-based implementation of security features on laptops, workstations, servers, and network components as required.
- Implements site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing classified information.
- Should have a thorough understanding of the federal rules and regulations that encompass the SCI and collateral security process.
- Security Categorization and Control Selection For National Security Systems (CNSS Instruction No. 1253), dated March 2014
- ICD 503 Intelligence Community Information Technology Systems Security: Risk Management, Certification and Accreditation, September 15, 2008
- 10 plus years as a SCA
- AWS Cloud
- ICD503 and Risk Management Framework experience
- Authorization and Accreditation
- Security Control Assessment Testing and Penetration Testing
Job Type: Full Time