Sr. Security Control Assessor - TS/SCI w/Poly Required
- Full Time
Serve as a Security Control Assessor on a team supporting a Government client. This position requires extensive experience working with Government classified systems, as well as:
-Working knowledge of security vulnerability testing tools: Nessus, AppDetective, WebInspect, NMAP, and self-scans.
-Experience in one or more of the following Information Security disciplines: Network Security, Physical Security, Government Computer Systems, Firewall/Router Management, Security Project Management, and/or Network Vulnerability Analysis.
-Experience performing assessments (testing) in the cloud.
-Working knowledge of system and network designs.
-Working knowledge of multiple operating systems: Windows Server 2008/2012, Windows 7/8/10, Macintosh, Linux, and Solaris.
-Working knowledge of secure implementations such as VPNs, encryption technologies, IPsec, VLANs, and wireless technologies.
-Prepares, maintains, and implements an SSP that accurately reflects the security protection measures for each classified information system for which he or she is responsible.
-Provide written recommendations, in sufficient detail to permit the Information Systems Security Manager (ISSM) to make an informed, independent decision to grant and/or disapprove System Security Plans submitted for review.
-Works closely with the System Administrator to maintain the system's security and accreditation status.
-Ensures implementation of these security measures by conducting security reviews of system tests (self scans).
-Verifies users' access requests are approved; controls users' access.
-Ensures users are instructed on the appropriate use of computer systems.
-Provide direct customer support for knowledge-based implementation of security features on laptops, workstations, servers, and network components as required.
-Other Information Systems Security Management Support functions, as tasked.
5-10 years of related experience in system & network engineering.
Bachelor's Degree in Computer Science or a related technical discipline, or the equivalent combination of education, professional training, or work experience.
10-15 years of related experience in INFOSEC administration.
5-10 years of experience with Windows, Red Hat, UNIX, and Solaris operating systems.
-CISSP, IT or security related certifications preferred.
-Should be familiar with secure implementations such as VPNs, encryption technologies, IPsec, VLANs, and wireless technologies.
-Implements site procedures for marking, handling, controlling, removing, transporting, sanitizing, reusing, and destroying media/equipment containing classified information.
-Should have a thorough understanding of the federal rules and regulations that encompass the SCI and collateral security process. This includes, but is not limited to:
-Federal Information Security Management Act of 2002 (FISMA)
-Security Categorization and Control Selection for National Security Systems (CNSS Instruction No. 1253), dated March 2014.
-ICD 503 Intelligence Community Information Technology Systems Security: Risk Management, Certification and Accreditation, September 15, 2008.
-Working knowledge and understanding of AWS cloud and/or C2S technologies and capabilities a plus.
GDIT is an Equal Opportunity/Affirmative Action Employer - Minorities/Females/Protected Veterans/Individuals with Disabilities.