Security Control Assessor and System Certification Specialist, Senior
About The Position
Security Control Assessor and System Certification Specialist, Senior The Opportunity: Function as a Senior System Certification Specialist or Security Control Assessor as part of a team in the performance of Assessment and Authorization (A&A) activities ensuring National Institute of Standards and Technology (NIST) management, operation, technical, and privacy security control implementation compliance for large, complex DoD information systems. Provide support for executing full Assessment and Authorization life cycle and risk management functions, measuring risk, examining system documentation, interviewing appropriate system and site personnel, testing system technical security configuration settings, reviewing scan results, Platform IT (PIT), and developing findings reports. Demonstrate subject matter expertise in NIST security guidance and security control assessment (SCA) processes using the NIST Risk Management Framework (RMF). Guide and mentor junior members of the team in the SCA process, provide advance analysis and advice to the client, and manage the more complex assessments. You Have:
Requirements
- 7+ years of experience with providing security guidance and IS validation using NIST, RMF, DoD, and local security policies
- Experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identification and using required tools, including Assured Compliance Assessment Solution (ACAS), or Security Content Automation Protocol (SCAP)
- Experience with providing configuration management (CM) for information system security software, hardware, and firmware, and coordinating changes and modifications as an ISSO, ISSM, or Security Control Assessor (SCA)
- Experience in interfacing with information assurance managers, including preparing and reviewing documentation, including Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and Plan of Actions and Milestones (POA&Ms)
- Knowledge of NIST Contingency Planning, POA&M management, and DoD continuous monitoring
- Top Secret clearance
- Cybersecurity IAT-Level III, CISSP, and CAP Certifications
Nice To Haves
- Experience with DoD Cybersecurity policies, directives, and DoD STIGs
- Experience with leveraging ACAS, CMRS, and eMASS tools
- Experience with assessing organizational risks and recommending mitigation strategies
Benefits
- health
- life
- disability
- financial
- retirement benefits
- paid leave
- professional development
- tuition assistance
- work-life programs
- dependent care
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
