Security Control Assessor

Overview VTG seeks to hire a Security Control Assessor (SCA) to provide information security Assessment and Authorization (A&A) support throughout the program lifecycle. The SCA conducts independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls at contractor or government facilities. What will you do? Responsibilities Collaborate with system stakeholders and teammates to enhance system security Communicate effectively with all security stakeholders Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level Draft statements of preliminary or residual security risks for system operation (System Assessment Reports) Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations Do you have what it takes?

Requirements Clearance:

Active TS/SCI with Polygraph Knowledge of and experience with

ICD 503, NIST SP

800-37, and the Security Assessment and Authorization process Knowledge of the

NIST SP 800-53

Controls and the

SP 800-53A

Assessment methodologies and procedures Willing to travel 25% of time to support testing events both locally and via commercial air, and can include overnight stays Currently hold or obtain and maintain DoD 8570 IAM Level II certification within 6 months of starting the position Bachelor's degree + 5 years of experience OR High School or Associate's degree + 7 years of experience OR Master's degree or higher + 3 years of experience (Education and experience should be relevant to computer engineering, information security, cyber security, information management, and/or computer science, and experience with technical project management and performing Accreditation testing) Basic Qualifications Familiarity with IA concepts Ability to review and recommend vulnerability and risk levels associated software and hardware products Ability to provide basic IA support to SCA Level 2 - 4 personnel in the conduct of assessment actions Practical experience performing information systems A&A as defined in applicable ICDs and guidance Practical experience developing and implementing security related directives and guidance for

IA/IT/IM

Practical experience utilizing risk management strategies for information technology solutions Understanding of emerging technologies and their implementation within Government system and network environments Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems Understanding of information technology systems, software, and networks Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements Effective technical report and general correspondence writing ability Desired Qualifications Ability to manage and track systems or programs involved in the A&A process Experience developing and implementing security related directives and guidance for

IA/ IT/IM

Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs ISC2 Certified Authorization Professional (CAP) / Certified in Governance, Risk and Compliance (CGRC)

Qualifications:

Requirements Clearance:

Active TS/SCI with Polygraph Knowledge of and experience with

ICD 503, NIST SP

800-37, and the Security Assessment and Authorization process Knowledge of the

NIST SP 800-53

Controls and the

SP 800-53A

Assessment methodologies and procedures Willing to travel 25% of time to support testing events both locally and via commercial air, and can include overnight stays Currently hold or obtain and maintain DoD 8570 IAM Level II certification within 6 months of starting the position Bachelor s degree + 5 years of experience OR High School or Associate s degree + 7 years of experience OR Master s degree or higher + 3 years of experience (Education and experience should be relevant to computer engineering, information security, cyber security, information management, and/or computer science, and experience with technical project management and performing Accreditation testing) Basic Qualifications Familiarity with IA concepts Ability to review and recommend vulnerability and risk levels associated software and hardware products Ability to provide basic IA support to SCA Level 2 - 4 personnel in the conduct of assessment actions Practical experience performing information systems A&A as defined in applicable ICDs and guidance Practical experience developing and implementing security related directives and guidance for

IA/IT/IM

Practical experience utilizing risk management strategies for information technology solutions Understanding of emerging technologies and their implementation within Government system and network environments Knowledge of information technology concepts used in the evaluation of security performance and integrity of state-of-the-art applications, communications systems, hardware, software, satellite control systems, and information processing systems Understanding of information technology systems, software, and networks Ability to effectively coordinate A&A activities of industry and Government information systems to meet acquisition milestone requirements Effective technical report and general correspondence writing ability Desired Qualifications Ability to manage and track systems or programs involved in the A&A process Experience developing and implementing security related directives and guidance for

IA/ IT/IM

Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs ISC2 Certified Authorization Professional (CAP) / Certified in Governance, Risk and Compliance (CGRC)