Avantus, posted 25 days ago
Full-time • Mid Level
Chantilly, VA
Professional, Scientific, and Technical Services

QinetiQ US is looking for a Senior Security Control Assessor with cloud-based experience to support a dynamic DoD client in the Chantilly, VA area. Candidates are expected to leverage their past experience and knowledge to help deliver superior support to a rapid prototyping office and should have experience supporting various cloud-based platforms such as Amazon Web Services, Microsoft Azure, Google, etc.

  • Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on systems.
  • Develop methods to monitor and measure risk, compliance, and assurance efforts.
  • Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
  • Assess the effectiveness of security controls.
  • Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
  • Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
  • Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
  • Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
  • Ensure security assessments are completed for each Information System.
  • Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
  • Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
  • Assess proposed changes to Information Systems, their environment of operation, and mission needs that could affect system authorization.
  • Serve as a cybersecurity technical advisor to the CISO and AO under their purview.
  • Be integral to the development of the monitoring strategy. The system-level continuous monitoring strategy must conform to all applicable published DoD enterprise-level or DoD Component-level continuous monitoring strategies.
  • Determine and document in the SAR a risk level for every noncompliant security control in the system baseline.
  • Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts as well as existing and planned risk mitigation.
  • Develop a continuous monitoring plan specific to the information system.
  • Other duties as assigned
  • Bachelor's degree required
  • 15+ years relevant experience
  • DoD 8140 IAM Level II certification required (one of CAP, CASP, CISM, CISSP, GSLC, CCISO)
  • Top Secret clearance with SCI eligibility is required
  • Strong knowledge of Risk Management Framework (RMF) 800-37 and continuous monitoring 800-137
  • Expert knowledge and hands-on experience with FISMA systems, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, continuous monitoring frameworks and their tools, Plan of Action & Milestones (POA&M) policies, vulnerability/patch management, risk management, and project management; proficient with Microsoft Word, Excel, and PowerPoint.
  • Proficient with vulnerability and scanning tools and well-versed in interpreting the risk posture resulting from assessment reports. Experience in project management and tracking, and with the Microsoft Office suite.
  • Experience assessing cloud-based security authorizations (FedRAMP, AWS, and Azure) as well as the associated NIST control responsibilities
  • Strong knowledge of CSAM
  • Expert at documenting and/or reviewing security materials such as System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and other documents per NIST 800 guidelines.
  • Experience supporting cloud-based security authorizations (FedRAMP, AWS, and Azure)
  • Experience creating Security Assessment Plans, Security Assessment Reports, and Executive-level briefings
  • Top Secret/SCI with CI Poly preferred