Job Number: R0050387
Security Control Assessor, Senior
Provide Cybersecurity testing and security control validation and assessment of technical and non-technical security features implemented on a system or network in support of the DoD Risk Management Framework (RMF) Assessment and Authorization (A&A) process and legacy DoD Information Assurance Certification and Accreditation (DIACAP) for a DoD program. Validate security configurations to ensure they are implemented in accordance with DoD Cybersecurity policies, requirements, and directives, including compliance with Security Technical Implementation Guidance (STIG), Security Requirements Guides (SRGs), and checklists. Leverage automated testing tools and manual test methodologies to identify system vulnerabilities and noncompliance. Support the task lead in organizing and leading the A&A team through the accreditation process. Develop daily and weekly reports for team progress.
-10+ years of experience with Cybersecurity
-10+ years of experience with federal or DoD government implementation of the NIST RMF for A&A
-Experience with authoring comprehensive Risk Management Framework (RMF) packages independently
-Experience with performing technical security assessments, including vulnerability assessments, security control reviews, and system configuration checks to support RMF
-Experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identification and using required tools, including Retina, Nessus, Assured Compliance Assessment Solution (ACAS), or Security Content Automation Protocol (SCAP)
-Experience with performing manual testing methods and procedures using STIGs, SRGs, and checklists
-BA or BS degree in Technology, IT, or Cybersecurity
-DoD 8140/8570 IAM I or IAT II Certification
Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; Secret clearance is required.
We're an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.JSP1
Apply on company website