Security Control Assessor

About The Position

Requirements

• Must be able to obtain a High Risk/Public Trust Security Clearance.
• Bachelor’s or equivalent and five to ten (5-10) years related experience.
• At least three years of experience in a computer security incident response role.
• At least three years of enterprise Linux and Windows administration.
• Experience working in a Security Operations Center.
• Experience with Active Directory and other enterprise credential stores.
• Passion for information security and incident response.
• Experience with cyber threat intelligence.
• Excellent communications and interpersonal skills.
• Critical thinking and problem-solving skills.
• Ability to quickly learn new technologies and respond to changing requirements and environment.
• Ability to work independently and in a cross functional team.
• Ability to identify both tactical and strategic solutions to complex issues.
• Advanced malware analysis experience, such as reverse engineering and disassembly design.
• Must be a U.S. citizen.

Nice To Haves

• Active Secret or Top Secret security clearance.

Responsibilities

• Provide overall SA/OSA subject matter expertise to the Information System Security and Authorization (SA) program.
• Provide specific guidance and technical expertise in the form of standards, policies, procedures, and oversight for the program.
• Review and provide guidance on OSA program and continuous monitoring capabilities, PIA, SSPs and identity updates to enhance the quality of these assessments.
• Review and provide advice based on analysis for Privacy Impact Assessments (PIA).
• Review and provide advice based on analysis for Third Party Website and Applications (TPWA).
• Review and analyze all system artifacts for accuracy, completeness, in support of an authorization to operate (ATO) requests.
• Review ATO packages under the RMF for customer systems and the systems of the external partners and create or updated ATO packages as necessary before submission for approval.
• Create or Review ATO packages prior to submission to CISO and CIO approval.
• Ensure all assessment and audit reports are uploaded properly to the FISMA Management Tool: (Cyber Security Assessment and Management (CSAM)).
• Coordinate and assist with data calls and data collection efforts for compiled and managed responses from stakeholders for audit and compliance reporting.
• Conduct audits of closed Plan of Actions and Milestones (POA&M) for completeness and compliance.
• Support the ongoing security authorization (OA) process that includes continuous monitoring.
• Provide document development support for CISO sponsored events and responses to questions and concerns.
• Draft document review and feedback on application of security and privacy requirements (e.g., technical review boards, review of SSPs, RA’s, contingency plan, POA&M reports).
• Track the renewal dates for the security authorizations and ongoing security authorizations to ensure the ATO renewal efforts by working with respective stakeholders, SOs, and ISSOs.
• Conduct lessons learned sessions and developing best practices.

Benefits

• certification incentive program
• PTO
• floating federal holiday options
• several insurance options including HMO and High Deductible plans with Health Savings Accounts [HSAs]
• Flex Spending Accounts [FSAs]
• Full Dental Plans
• Vision
• ST/LT Disability
• Life Insurance
• 401k matched