Posted On: 2020-03-26
Requisition #: SECUR02390
Job Title: Security Control Assessor
Location: Arlington, VA
Clearance Level: TS/SCI
Required Certification(s): Possess an active certification of any of the following certifications: CISA, GCIH, GCED, CISSP, or CASP

**Selected applicants may be subject to a government security investigation and must meet eligibility requirements for access to classified information.**

SUMMARY:
Each SCA shall be aligned to primarily support a specific Technical Office and/or the Enterprise environment. The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by the target IS - whether Technical Office mission system or ITD Enterprise system - to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities.

DUTIES:
* Advise the information system owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system.
* Ensure security assessments are completed for each IS.
* Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
* Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
* Assess proposed changes to information systems, their environment of operation, and mission needs that could affect system authorization.
* Serve as a cybersecurity technical advisor to the CISO and AO for DARPA IS under their purview.
* Be integral to the development of the monitoring strategy. The system-level continuous monitoring strategy must conform to all applicable published DoD enterprise-level or DoD Component-level continuous monitoring strategies.
* Determine and document in the SAR a risk level for every non-compliant security control in the system baseline.
* Determine and document in the SAR an aggregate level of risk to the system, and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts as well as existing and planned risk mitigation.
* Develop the Continuous Monitoring Plan specific to the information system.

Qualifications

Education and Certifications:
* Possess an active certification of any of the following certifications: CISA, GCIH, GCED, CISSP, or CASP
* Education relevant to information security, information management, and/or computer science

Background Needed and Years of Experience:
* Top Secret/SCI
* 7 years' experience. At least 3 years' experience in a technical/security-related capacity
* Experience in information systems assessment and authorization (A&A).
* Possess knowledge of information technology concepts used in the evaluation of security performance and integrity of applications, communications systems, hardware, software, satellite control systems, and information processing systems.

Additional Skills & Qualifications

Must Have Technical Skills:
* Experience with Information Assurance (IA) vulnerability scanning software tools, implementing Security Technical Implementation Guides (STIGs), and applying IA Vulnerability Assessment (IAVA) patches
* Experience creating and maintaining various security documents such as the Security Control Plan/Vulnerability Security Review (SCP/VSR), System Backup and Recovery Plans (SBRP) and Plan of Action and Milestone (POA&M) tables
* Knowledge of DITSCAP, RMF, DoD C&A processes, DoD 8500 (Cybersecurity) series and Common Criteria
* Experience in JAFAN 6/3 or ICD 503, Joint Special Access Programs Implementation Guide (JSIG) and NISPOM application as related to C&A

Non-Technical Skills:
* Ability to constructively engage and resolve challenging situations
* Possess excellent briefing and technical writing skills
* Available to work before/after typical office hours as work may demand
* Independent self-starter, proactive and professionally assertive
* Effective oral and written communication skills, excellent interpersonal skills, and computer literacy
* Proficiency with MS Office Suite (MS Word, Excel, PowerPoint and Outlook)
* Strong analytical and problem-solving skills
* Superior verbal/written skills and presentation skills
* Ability to multitask

WORKING CONDITIONS:
Possible off-hours work to support releases and outages.
General office environment with a fast-paced ops tempo. Work is generally sedentary in nature, but may require standing and walking for up to 10% of the time. The working environment is generally favorable. Lighting and temperature are adequate, and there are no hazardous or unpleasant conditions caused by noise, dust, etc. Work is generally performed within an office environment, with standard office equipment available.

Strength Demands:
Sedentary - 10 lbs. Maximum lifting, occasional lift/carry of small articles. Some occasional walking or standing may be required. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.

Physical Requirements:
* Stand or Sit
* Walk
* Repetitive Motion
* Use Hands / Fingers to Handle or Feel
* Talk or Hear
* See

About Us!
Agile Defense is an Information Technology Solutions provider committed to partnering with our customers to deliver the highest level of service to our customers. We provide Information Technology (IT) services to the U.S. Government, including several United States Civil agencies and various branches within the U.S. Department of Defense.

Agile Defense has established a solid reputation of partnering with our customers to deliver innovative IT solutions with our "Listen. Think. Innovate." philosophy.

At Agile Defense, we know that our employees are our most important asset. We believe in our responsibility to our fellow employees, customers, company, and to our country. We promote teamwork, integrity, and creativity; we expect our fellow employees to also live these values.

Agile Defense, Inc. does not discriminate in practices or employment opportunities on the basis of an individual's race, color, national or ethnic origin, religion, age, sex, gender, sexual orientation, marital status, veteran status, disability, or any other proscribed category set forth in federal or state regulations.