Security Control Assessor

The Informatics Applications Group
Suitland, MD
Apr 06, 2021
Apr 09, 2021
IT, Security Engineer
Full Time
TIAG is now hiring a Security Control Assessor to support a DoD customer. For this program TIAG provides a range of cyber security, Information Technology (IT) engineering services support, assessment and authorization (A&A), and cyber operations support including support for life-cycle management policy, guidance, oversight, and direction for a cyber analytics system.

The SCA is responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an IS to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). SCAs also provide an assessment of the severity of weaknesses or deficiencies discovered in the IS and its environment of operation and recommend corrective actions to address identified vulnerabilities. Responsibilities will cover Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities within the customer's area of responsibility.
This position is based near Washington, DC.

Position Responsibilities:
- Works closely with the Cybersecurity team and engineering personnel to develop and guide them throughout the RMF lifecycle
- Performs oversight of the development, implementation and evaluation of IS security program policy; special emphasis placed upon integration of existing SAP network infrastructure
- Performs assessment of ISs, based upon the Risk Management Framework (RMF) or the JAFAN 6/3 process, and updates XACTA accordingly
- Advises the stakeholders on any assessment and authorization processes and issues
- Completes approval package for Cross Domain Solutions (CDS) per TSABI process for a successful Authorization to Connect (ATC) with assistance from cyber team and developers
- Evaluates Authorization packages and makes recommendations to the AO and/or DAO for authorization
- Evaluates IS threats and vulnerabilities to determine whether additional safeguards are required
- Advises the stakeholders concerning the impact levels for Confidentiality, Integrity, and Availability for the information on a system
- Reviews and approves the IS Security Assessment Plan, which is comprised of the SSP, the SCTM, and the Security Control Assessment Procedures
- Conducts security assessments and ensures completeness for each IS
- At the conclusion of each security assessment activity, prepares the final Security Assessment Report (SAR) containing the results and findings from the assessment
- Initiates a Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
- Evaluates security assessment documentation and provides written recommendations for security authorization to the stakeholders
- Develops recommendation for authorization and submits the security authorization package to the authorities
- Assists team members in attaining and maintaining Authorization to Operate (ATO)
- Assists the customer with security incidents that relate to cybersecurity and ensures that the proper and corrective measures have been taken
- Assesses changes within the IS boundary that could affect the authorization of the boundary
- Ensures that IS requirements are addressed during all phases of the system life cycle

Required Experience:
- DoD TS/SCI Clearance
- Eligibility for access to Special Access Program Information
- Bachelor of Science (BS) in Information Technology, Cybersecurity, Engineering or similar; MS preferred
- An Information Assurance certification in compliance with DoD 8570 IAT Level III (e.g. CISSP)
- 5+ years of experience with IA / INFOSEC concepts and requirements: Firewall Policy, Ports & Protocols, Cybersecurity, Cybersafe, DoD/DCID A&A processes and standards, etc.
- 5+ years of related experience
- 3+ years of experience in SAP and Collateral Information Systems (IS) Security and the implementation of regulations identified in the description of duties
- 3+ years of experience with Assured Compliance Assessment Solution (ACAS) vulnerability scanner, Security Technical Information Guidance (STIG) requirements and compliance process, SCAP Content Checker, Security Readiness Reviews (SRRs), and other DoD approved tools like Splunk and Twistlock
- Experience with Cross Domain Solutions (CDS)
- Ability to manage time well to meet assigned milestones
- Ability to communicate effectively with technical team as well as leadership

Join our culture that fosters out-of-the-box thinking, collaboration, and fun.