Security Controls Assessor Respresentative (SCAR) - SME

Modern Technology Solutions, Inc.•Colorado Springs, CO

45d•$170,000 - $200,000•Remote

About The Position

Modern Technology Solutions Inc. (MTSI) is seeking a Security Controls Assessor Representative (SCAR) Subject matter Expert (SME) to join our team in the Colorado Springs area in support of Department of the Air Force (DAF) and U.S. Space Force (USSF) programs. The candidate will be responsible for overseeing, assessing, and maintaining compliance with applicable security regulations and leading the Information Assurance program for various classified Information Systems (IS)s across USSF. This position requires an active Top Secret clearance with SCI eligibility . A successful candidate must be a self-starter who possesses initiative, excellent communication skills, the ability to lead diverse teams, to collaborate effectively with cross-functional teams and a proven problem solver. Your essential job functions will include but may not be limited to: Overseeing and ensuring organizations are addressing cybersecurity during all phases of the System Development Life Cycle and are conducting continuous monitoring and reporting requirements Regularly liaising with external program offices and organizations to mentor, collaborate with, and provide recommendations concerning best practices and ensuring compliance with Security Assessment Report (SAR) requirements Performing assessments of the implementation of DoD, and National Institute of Standards and Technology (NIST) Information System (IS) security program policies with special emphasis upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG) Authoring, reviewing, and analyzing RMF assessment packages for completeness and accuracy, and documenting the effectiveness of controls, plans, and procedures implementation Ensuring completeness of security assessments and that results are documented and preparing the SAR for the authorization boundary Evaluating Authorization packages and making recommendations to and discussing with the Subordinated, Delegated and/or Authorizing Official (SAO, DAO, and/or AO) Ensuring corrective actions were taken for identified findings and vulnerabilities in the SARs Assessing proposed changes to authorization boundaries, the operating environment, and mission needs and making recommendations to risk status Assisting the government in compliance inspections and representing the customer on inspection teams Reviewing and assessing procedures for clearing, sanitizing, and destroying various types of hardware and media Assessing if organizations are addressing cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data Preparing and delivering briefings on program and/or assessment status to high-level government and MTSI officials

Requirements

14+ years or more of Security Controls Assessor (SCA)/SCAR or related experience
10+ years or more experience in the role or combination of the roles of Information Systems Security Manager (ISSM), Information Systems Security Officer (ISSO), or Information Systems Security Engineer (ISSE)
Experience assessing SAP and SCI information systems
Experience with authoring A&A documentation and artifacts for SAP and SCI systems
Knowledge of federal security requirements and mandates (e.g., RMF, Federal Information Processing Standards (FIPS), NIST, and JSIG)
Excellent oral and written communication skills
Ability to work well independently or as a team member
Bachelors degree in computer science, software engineering, data science, software development or STEM related specialty
DoD 8140.3 Certified
Top Secret, SCI eligible (Must be a U.S. Citizen)
SAP eligibility (Counterintelligence Polygraph may be required)

Nice To Haves

Cloud certifications (AWS, Azure, CCSP, etc.)
Cloud experience
Zero-trust Cloud Security
USSF/DAF Cybersecurity assessments
Master's Degree in a related field (desired)

Responsibilities

Overseeing and ensuring organizations are addressing cybersecurity during all phases of the System Development Life Cycle and are conducting continuous monitoring and reporting requirements
Regularly liaising with external program offices and organizations to mentor, collaborate with, and provide recommendations concerning best practices and ensuring compliance with Security Assessment Report (SAR) requirements
Performing assessments of the implementation of DoD, and National Institute of Standards and Technology (NIST) Information System (IS) security program policies with special emphasis upon the Risk Management Framework (RMF) methodology in accordance with the Joint Special Access Program (SAP) Implementation Guide (JSIG)
Authoring, reviewing, and analyzing RMF assessment packages for completeness and accuracy, and documenting the effectiveness of controls, plans, and procedures implementation
Ensuring completeness of security assessments and that results are documented and preparing the SAR for the authorization boundary
Evaluating Authorization packages and making recommendations to and discussing with the Subordinated, Delegated and/or Authorizing Official (SAO, DAO, and/or AO)
Ensuring corrective actions were taken for identified findings and vulnerabilities in the SARs
Assessing proposed changes to authorization boundaries, the operating environment, and mission needs and making recommendations to risk status
Assisting the government in compliance inspections and representing the customer on inspection teams
Reviewing and assessing procedures for clearing, sanitizing, and destroying various types of hardware and media
Assessing if organizations are addressing cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data
Preparing and delivering briefings on program and/or assessment status to high-level government and MTSI officials