
Senior Security Control Assessor#1

Hummingbirds Innovations

Bethesda, Maryland


Job Details

Full-time


Full Job Description

Title: Security Control Assessor, Senior

Location: On-site Bethesda, MD

· Job Type: Full-time (40 hours per week) with benefits.

· Availability: immediate.

· Security Clearance: TS/SCI with CI Polygraph.

Job Description:

Bachelor’s degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related discipline.

•  Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing will be accepted in lieu of a bachelor’s degree.

•  A Master’s degree in an applicable discipline may be substituted for three years of demonstrated work experience.

·  Three (3) years of cybersecurity experience, with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.

·  One full year of SCA experience within the last three calendar years.

·  One full year of experience supporting the cloud environment and performing security assessments in the cloud environment (AWS, Google, IBM, Azure, and Oracle).

·  Must meet Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurance Technical (IAT) Level III: CASP+ CE, CCNP Security, CISA, or CISSP associate, GCED, GCIH, or CCSP.

·  Knowledge of Independent Verification & Validation (IV&V) of security controls.

·  Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework).

·  Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate.

·  Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems (e.g., cloud environments: AWS, Google, IBM, Azure, and Oracle).

Other Requirements:

·         Make recommendations to the IC CISO or designee for improving TTPs for better cyber threat protection.

·         Knowledge of system and application security threats and vulnerabilities.

·         Knowledge of network access, identity, and access management, e.g., public key infrastructure (PKI).

·         Knowledge of network protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory services.


·         Ability to assess the robustness of security systems and designs.

·         Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, and non-repudiation).

·         Three years of experience performing security assessments in a cloud computing environment.

·         Strong writing skills.

·         Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.

·         Report vulnerabilities identified during security assessments.

·         Write penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP).

·         Conduct security reviews and technical research and provide reporting to increase security mechanisms.

·         Travel: domestic and international travel, 0-25%.

Mandatory Skill Sets:

·         Cloud Based Services

·         Cloud: Amazon Web Services (AWS)

·         DOD 8570.01M

·         DoD 8570 IAM lvl 3

·         Independent Verification and Validation (IV&V) Testing

·         Oracle

Desired Certifications:

·         CISM

·         CISSP

·         ICD 705

·         Interface Control Document (ICD)

·         NIST SP 800-53
