Security Control Assessor (SCA)
Position OverviewZENETEX is a rapidly growing, energetic, and win-focused enterprise supporting Federal government, military, and civilian agencies. We have offices located in Washington, DC, Maryland, Virginia, North Carolina, Oklahoma, New Jersey, and California. We are an organization committed to growth and shared success for all stakeholders; we are customer-driven, mission focused, and operate with integrity and trust in all relationships.We have an opportunity for a Security Control Assessor in Springfield, VA.DescriptionThe Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system. Determine the overall control effectiveness through documentation review, inspections, testing and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Provide initial mitigation of Cybersecurity incidents, support incident investigations, and closure of the incident. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.Assessment of security controls and organizational requirements shall include: Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF). Recommend a format for this document for government approval. Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination. Shall provide a draft report using the government provided template; may recommend format changes for government consideration. Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location. Shall provide a draft report using the government provided template; may recommend format changes for government consideration. Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents. Shall provide a draft report using the government provided template; may recommend format changes for government consideration. Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities via a government agreed format, such as a Help Desk ticket application, electronic mail, memorandum, etc. Shall develop an annual compilation of findings and observations based upon the Security Assessment Reports and Periodic Cybersecurity Assessment Reports or Security Compliance Reports based upon fiscal year assessments. The format shall be recommended for government approval. The compilation shall be void of system names, system identification numbers, government or contractor locations, and individual names. Draft and/or preliminary documents shall be presented in one of the following electronic formats: Microsoft Office version 2007 compatible (.docx, .xlsx, or .pptx) or the standard Portable Document Format (PDF) format. Final and/or approved format shall be determined by the government; may recommend additional formats. Travel approximately 30% annuallyQualifications Shall have 4 or more years of experience in the validation of security configuration of operating systems. Shall have 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications. Shall meet the Cyber IT/Cybersecurity Workforce (CSWF) Security Control Assessor (612); Intermediate Level for SECNAV M-5239.2 compliance. (See Navy Cool WebSite)Education: Bachelor Degree from accredited University; orCNSSI 4012-Senior Systems Managers/4013-System Administrators/4014-Information Systems Security Officers (ISSO) /4015-Systems Certifiers/4016-Risk Analysts; orNDU CISO certificate-Chief Information Security Officer (CISO); ORTraining: NEC 741A Information System Security Manager; orNEC 742A Network Security Vulnerability Technician; orNEC H08A Advanced Network Analyst; ORCertification: Certified Authorization Professional (CAP); orCisco Certified Network Associate (CCNA) Routing and SwitchingRetired; orCompTIA Security+ ce; ANDOJT: NAVEDTRA 43469 Watchstation 302 - Information Assurance Technician Level II (Privileged User); ANDContinuous Learning: DoD requires 20 hours Continuous Learning each calendar year. This requirement is in addition to any industry certification Continuous Learning requirement. [Note: DoD 20 hours Annually - Industry certification Continuous Learning may be applied towards DoD 20 hour annual requirement. However, not all DoD Continuous Learning hours can be applied to industry certification Continuous Learning requirement, check with certification agency on what may be accepted.]; ANDOperating System/Computing Environment Certificate: Operating System/Computing Environment (OS/CE) certificate of training, as dictated by Command Cyber IT/CSWF-PM; ANDSign Privileged Access Statement: System Authorization Access Request (SAAR) with Privileged Access agreement as required by Local Command.Desired Qualifications: Strongly desired experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides. Operating System/Computing Environment certificate for Windows Server 2012 or newer UNIX (Linux (Red Hat), Solaris). Experience with vulnerability scanners. Documented (certificate) RMF training provided by the Intelligence Community or DoD SAP community. Experience with assessing security relevant applications. Experience as a System Administrator, Information System Security Manager, or Information System Security Officer. Experience applying the requirements of the DoD Joint Special Access Program Implementation Guide (JSIG) to information systems or Cybersecurity programs. A cyber credential at the Master proficiency level for specialty area Securely Provision -Risk Management as outlined in SECNAV M-5239.2. Experience with Cross Domain Solutions (CDS)Security ClearanceThis position will require US citizenship and an active DoD Top Secret clearance. Candidate must be willing to pass a counterintelligence (CI) polygraph.ZENETEX is an equal opportunity/affirmative action employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected veteran status, age, or any other characteristic protected by law.