Job Details

ID #6337080
State District of Columbia
City Washington
Job type Full-time
Salary USD TBD TBD
Source MindPoint Group, LLC
Showed 2020-12-04
Date 2020-12-03
Deadline 2021-02-01
Category Et cetera

Security Control Assessor

District of Columbia, Washington, 20001 Washington USA

Vacancy expired!

Job Description

MindPoint Group is seeking a Security Control Assessor (SCA) who will be directly responsible for ensuring our client staff have a positive and productive working relationship with other client Components and/or external agencies as applicable. The Security Control Assessor is responsible for knowing all applicable mandates, how and where these mandates tie into client agency orders, policies, instructions, standards, handbooks and guides, as well as the impact of the security requirements on Component systems and mission. The Security Control Assessor will oversee IT security activities and compliance, as well as provide hands-on assistance as appropriate to ensure Component success. In addition, the Security Control Assessor is directly involved in supporting the client in various audit activities while serving as the liaison between the auditors, Components, and the Department. Tasking includes:

  • Develop and provide all documentation necessary for performing a Security Control Assessment: Security Control Assessment Plan (SCAP), Scanning Authorization Requests, Access Requests, Security Assessment Results (SAR), Security Technical Results, and other ad hoc system-specific documentation as specified by the government.
  • Ensure that system access required for testing is acquired at least 30 days prior to Security Assessment start date and remains for at least 6 months post-assessment to accommodate any additional follow-on testing.
  • Be proficient at testing, analyzing and interpreting Security Assessment Results for all systems, including but not limited to the following platforms: Microsoft Server 2003/2008/Other, Microsoft SQL Server, Oracle DB, Windows XP, 7, Solaris / AIX / UNIX / Linux, Pervasive DB, Mobile Devices, Mainframes, Routers/Switches/Firewalls, Printers/Faxes/Multi-Function Devices, ColdFusion / PHP / ASP, WebSphere / Java.
  • Conduct both Full and Ad Hoc assessments
  • Review the controls that support the Requirements Traceability Matrix (RTM) and the details of the Security Plan (SP) to determine completeness and accuracy.
  • Ensure the accuracy of the assets identified within the system, ensure the assets are being properly tested within Security Center 4 or other related tool as required by the client, ensure that the monthly testing results are accurate and that proper credentials have been provided in order to yield accurate results, and identify any rogue assets that should be within the system boundary.
  • Follow and abide by the SCA Standard Operating Procedure (SOP) that is provided by the client.
  • Provide Security Assessment Results to meet client requirements and standards, which will include at a minimum the following documents: SAR, RTM, and a detailed technical results document as stipulated by the client upon Security Assessment completion.
  • Assist with the interpretation and analysis of Security Assessment Results upon completion of each Security Assessment and/or as requested to assist with post-assessment questions, to assess the vulnerability and risk to the system and to the customer or other connected systems.

Functional Responsibilities:

The candidate may perform any or all of the following: Performs security audits, evaluations, and risk assessments of complex operational systems and facilities and provides recommendations for remediating detected vulnerabilities; conducts security and internal control reviews of sensitive systems. The candidate conducts specific technical reviews to support non-standard operational requirements and systems. Conducts security assessments and security authorizations, and assesses technology to ensure that security vulnerabilities are identified and remediated.

Qualifications

  • Active Top Secret clearance required
  • Minimum 6 years of general work experience and 3 years of relevant experience in functional responsibility
  • Candidates should be well-versed in risk management and must have experience working with SDLC, and performing security tasks throughout
  • Experience and working understanding of FISMA compliance, experience conducting all phases of Security Assessment and Authorization (SA&A) and creating documentation in accordance with NIST guidance
  • Understanding and experience with CSAM is a plus
  • Candidate should have strong analytical and organizational skills
  • Candidate should have concise writing skills, excellent MS Word skills as well as other MS Office Applications
  • Personnel shall be well versed with NIST publications, OMB circulars and memoranda, and CNSS publications and their requirements and impact on system security

Additional Information

  • All your information will be kept confidential according to EEO guidelines
  • Equal Opportunity Employer Veterans/Disabled
