Security Control Assessor (SCA) I

About The Position

Requirements

• Top Secret/SCI Clearance Must Currently Possess
• Top Secret SCI + Polygraph Clearance Must Be Able to Obtain
• 5+ years of related experience
• US Citizenship Required
• Minimum of three (3) years’ experience in SAP, SCI or Collateral Information Systems (IS) Security and the implementation of regulations identified in the description of duties.
• Prior performance in the role of ISSO and ISSM.
• Must be willing to submit to a CI polygraph.

Nice To Haves

• IAT Level 3 (CISSP, CASP+ CE, CCNP Security, CISA, etc.) or IAM Level 1 - within 6 month of hire

Responsibilities

• Conduct comprehensive assessments of management, operational, and technical security controls within Information Systems (IS).
• Determine the overall effectiveness of security controls and identify weaknesses or deficiencies.
• Recommend corrective actions to address identified vulnerabilities.
• Perform oversight of the development, implementation, and evaluation of IS security program policy, with emphasis on integration of existing SAP network infrastructure.
• Perform assessment of ISs based upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG).
• Advise the Information System Owner (ISO), Information Data Owner (IDO), Program Security Officer (PSO), and the Delegated and/or Authorizing Official (DAO/AO) on assessment and authorization issues.
• Evaluate Authorization packages and make recommendations to the AO and/or DAO for authorization.
• Evaluate IS threats and vulnerabilities to determine whether additional safeguards are required.
• Advise the Government concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system.
• Ensure security assessments are completed and results documented, and prepare the Security Assessment Report (SAR) for the Authorization boundary.
• Initiate a Plan of Action and Milestones (POA&M) with identified weaknesses for each Authorization Boundary assessed, based on findings and recommendations from the SAR.
• Evaluate security assessment documentation and provide written recommendations for security authorization to the Government.
• Discuss recommendations for authorization and submit the security authorization package to the AO/DAO.
• Assess proposed changes to Authorization boundaries operating environment and mission needs to determine the continuation to operate.
• Review and concur with all sanitizations and clearing procedures in accordance with Government guidance and/or policy.
• Assist the Government with compliance inspections.
• Assist the Government with security incidents that relate to cybersecurity and ensure that the proper and corrective measures have been taken.
• Ensure organizations are addressing and conducting all phases of the system development life cycle (SDLC).
• Evaluate Hardware and Software to determine security impact that it might have on Authorization boundaries.
• Evaluate the effectiveness and implementation of Continuous Monitoring Plans.
• Represent the customer on inspection teams.

Benefits

• 401K with company match
• Comprehensive health and wellness packages
• Internal mobility team dedicated to helping you own your career
• Professional growth opportunities including paid education and certifications
• Cutting-edge technology you can learn from
• Rest and recharge with extra paid vacation and holidays
• Variety of medical plan options, some with Health Savings Accounts
• Dental plan options
• Vision plan
• Ability to contribute both pre and post-tax dollars to 401(k) up to the IRS annual limits and receive a company match
• Full flex work weeks where possible
• Variety of paid time off plans, including vacation, sick and personal time, holidays, paid parental, military, bereavement and jury duty leave
• Short and long-term disability benefits
• Life, accidental death and dismemberment, personal accident, critical illness and business travel and accident insurance are provided or available.