Sr. Security Control Assessor/Cloud - TS/SCI w/Poly Required
Serve as a Security Control Assessor on a team supporting a Government client.
This position requires extensive experience working with Government classified systems, as well as:
- Working knowledge of security vulnerability testing tools: Nessus, AppDetective, WebInspect, Nmap, and self-scans.
- Experience in one or more of the following Information Security disciplines: Network Security, Physical Security, Government Computer Systems, Firewall/Router Management, Security Project Management, and/or Network Vulnerability Analysis.
- Knowledge of the exploits, attacks, and tools used by skilled hackers, in order to defend against them.
- Experience performing assessments (testing) in the Cloud.
- Working knowledge of system and network designs.
- Working knowledge of multiple operating systems: Windows Server 2008/2012, Windows 7/8/10, Macintosh, Linux, and Solaris.
- Working knowledge of secure implementations such as VPNs, encryption technologies, IPSEC, V-LANS, and Wireless technologies.
- Prepares, maintains, and implements an SSP that accurately reflects the security protection measures for each classified information system for which he or she is responsible.
- Provides written recommendations, in sufficient detail to permit the Information Systems Security Manager (ISSM) to make an informed, independent decision to grant and/or disapprove System Security Plans submitted for review.
- Works closely with the System Administrator to maintain the system's security and accreditation status.
- Ensures implementation of these security measures by conducting security reviews of system tests (self-scans).
- Verifies users' access requests are approved; controls users' access.
- Ensures users are instructed on the appropriate use of computer systems.
- Provides direct customer support for knowledge-based implementation of security features on laptops, workstations, servers, and network components as required.
- Other Information Systems Security Management Support functions, as tasked.
- Bachelor's degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training or work experience.
- 10-15 years of related experience in INFOSEC administration.
- 5-10 years of related experience in system & network engineering.
- 5-10 years of experience with Windows, Red Hat, UNIX, and Solaris operating systems.
- CISSP, IT or security-related certifications preferred.
- Working knowledge and understanding of AWS cloud and/or C2S technologies and capabilities.
- Should be familiar with secure implementations such as VPNs, encryption technologies, IPSEC, V-LANS, and Wireless technologies.
- Implements site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing classified information.
- Should have a thorough understanding of the federal rules and regulations that encompass the SCI and collateral security process.
This includes, but is not limited to:
- Federal Information Security Management Act of 2002 (FISMA)
- Security Categorization and Control Selection for National Security Systems (CNSS Instruction No. 1253), dated March 2014.
- ICD 503 Intelligence Community Information Technology Systems Security: Risk Management, Certification and Accreditation, September 15, 2008.
As a trusted systems integrator for more than 50 years, General Dynamics Information Technology provides information technology (IT), systems engineering, professional services and simulation and training to customers in the defense, federal civilian government, health, homeland security, intelligence, state and local government and commercial sectors. With approximately 32,000 professionals worldwide, the company delivers IT enterprise solutions, manages large-scale, mission-critical IT programs and provides mission support services.
GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.