WORK REQUIREMENTS
- Evaluate Government customer systems against NIST SP 800-53 Security Controls.
- Conduct a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by complex and diverse information systems to determine the overall effectiveness of the control implementation.
- Function as an independent and unbiased advocate who provides evidence to validate the trustworthiness of the system for the designated Authorizing Official (AO).
- Conduct hands-on security control testing, analyze Body of Evidence (BoE) documentation and test results, document risk and recommend countermeasures.
- Provide an assessment of the severity of weaknesses or deficiencies discovered in the information system and its environment of operation and recommend corrective actions to address identified vulnerabilities.
- Conduct hands-on security testing leveraging commercial tools and custom developed scripts and procedures.
- Execute vulnerability/compliance assessment tools and evaluate results for systems undergoing security assessment.
- Prepare security assessment reports containing the results and findings from the assigned security control assessments.
- Provide documentation to the customer which describes all identified system risks, planned test procedures taken and test results.
REQUIRED SKILLS AND DEMONSTRATED EXPERIENCE
- TS/SCI with Polygraph (active / in-scope)
- Bachelor’s Degree
- 4+ years of relevant experience. Additional experience may be considered in lieu of a degree.
- Familiarity with conducting security assessments in support of accreditation and/or authorization (A&A) decisions.
- Familiarity with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and/or 800-53A Revision 4, as well as 800-30, 37 and 39.
- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)
Job Category: Cyber Security
Job Type: Full Time
Job Location: Herndon VA