ClearanceJobs

Security Control Assessor - TS/SCI with Polygraph with Security Clearance

Job posted: Jul 18, 2024
Chevy Chase, Maryland, United States; Maryland, Illinois, United States
  • Salary average
    $148,750  -  $201,250
    per YEAR
  • Type of employment
    Full-time
  • Remote
    n/a

Company

Responsibilities

  • Rest and recharge with paid vacation and holidays
  • Assess and calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures
  • Actively participate in or lead Technical Exchange Meetings
  • Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls
  • Provide enhancement capabilities and Standard Operating Procedures
  • Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references
  • Maintain accountability to endure integrity and confidentiality of the assessment process
  • Review and make recommendations on program-level documentation
  • Develop and document security evaluation test plan and procedures
  • Write penetration testing Rules of Engagement (RoE), Test Plans, and Standard Operating Procedures (SOP
  • Assist in researching, evaluating, and developing relevant Information Security policies and guidance
  • Provide documentation to Customer which describes all identified system risks, planned test procedures taken, and test results
  • Provide enhancement capabilities and Standard Operating Procedures (SOPs) to assessment operations for execution and implementation
  • Conducted security reviews and technical research and provided reporting to increase security defense mechanisms
  • Provide analysis of vulnerabilities and exploitations
  • Write penetration testing Rules of Engagement

Contract

40 hours per week

Candidate requirements

  • Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range
  • Knowledge of system and application security threats and vulnerabilities
  • Relevant to confidentiality, integrity, availability, authentication, non-repudiation
  • Three years of experience performing security assessments in a cloud computing environment
  • Knowledge of cybersecurity principles and organizational requirements
  • One full year supporting cloud environment and experience performing security assessments in a cloud environment
  • Maintain accountability to endure integrity and confidentiality of the assessment process
  • Skill in conducting vulnerability scans and recognizing vulnerability in security systems (, Cloud Environments) AWS, Google, IBM, Azure, and Oracle
  • Ability to assess the robustness of security systems and designs
  • One full year of SCA experiences within the last three calendar years
  • Skill in conducting vulnerability scans and recognizing vulnerability in security systems
  • Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services
  • Knowledge of Independent Verification & Validation
  • Knowledge of network protocols such as Transition Control Protocol/Internet Protocol
  • Knowledge of Independent Verification & Validation (IV&V) of security controls
  • Knowledge of network access, identity, and access management public key infrastructure

Skills used at work

  • Ad tech
  • Analysis
  • Documentation
  • Evaluation
  • Penetration testing
  • Standard operating procedure
  • Test plan
REQ#: RQ178436 Public Trust: None Requisition Type: Regular Your Impact Own your opportunity to serve as a critical component of our nation's safety and security. Make an impact by using your expertise to protect our country from threats. Job Description A career as a Security Control Assessor at GDIT means owning every opportunity to help support and advance our clients' missions. At GDIT, cyber security is embedded into every aspect of what we do. We're constantly evolving our cyber solutions to overcome our clients' biggest challenges, and you will have the opportunity to develop and grow as these technologies evolve. HOW A SECURITY CONTROL ASSESSOR WILL MAKE AN IMPACT * Provide documentation to Customer which describes all identified system risks, planned test procedures taken, and test results

  • Provide enhancement capabilities and Standard Operating Procedures (SOPs) to assessment operations for execution and implementation
  • Maintain accountability to endure integrity and confidentiality of the assessment process
  • Provide analysis of vulnerabilities and exploitations
  • Review and make recommendations on program-level documentation (e.g., requirements specification, system architecture, design documents, test plans, security plans, etc.)
  • Develop and document security evaluation test plan and procedures
  • Assist in researching, evaluating, and developing relevant Information Security policies and guidance
  • Actively participate in or lead Technical Exchange Meetings (TEMS) and application review boards, documenting actions items/results of these events
  • Brief management, as needed, on the status of action items and/or results of activities
  • Conduct hands-on security testing, analyze test results, document risk, and recommend countermeasures
  • Assess and calculate risk based on threats, vulnerabilities, and shortfalls uncovered in testing
  • Identify mitigating countermeasures to identified threats, vulnerabilities, and shortfalls.
  • Make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection. WHAT YOU'LL NEED TO SUCCEED: * Education: Bachelor's Degree (Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related discipline)
  • Required Experience: 6+ yrs
  • Required Technical Skills: * Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
  • One full year of SCA experiences within the last three calendar years.
  • One full year supporting cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle).
  • Skill in conducting vulnerability scans and recognizing vulnerability in security systems (e.g., Cloud Environments) AWS, Google, IBM, Azure, and Oracle.
  • Must meet Department of Defense (DOD) 8570.01-Manual (M) Information Assurances Workforce Improvement Program requirement for Information Assurance Manger (IAM) Level III (CISM, CISSP or Associate GSLC or CCISO).
  • Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework).
  • Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate.
  • Knowledge of Independent Verification & Validation (IV&V) of security controls.
  • Three years of experience performing security assessments in a cloud computing environment.
  • Strong writing skills.
  • Knowledge of system and application security threats and vulnerabilities.
  • Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI)
  • Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services.
  • Ability to assess the robustness of security systems and designs.
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.
  • Report vulnerabilities identified during security assessments.
  • Write penetration testing Rules of Engagement (RoE), Test Plans, and Standard Operating Procedures (SOP).
  • Conducted security reviews and technical research and provided reporting to increase security defense mechanisms.
  • Security Clearance Level: TS/SCI with active polygraph
  • Location: Bethesda, MD - On Customer Site GDIT IS YOUR PLACE: * 401K with company match
  • Comprehensive health and wellness packages
  • Internal mobility team dedicated to helping you own your career
  • Professional growth opportunities including paid education and certifications
  • Cutting-edge technology you can learn from
  • Rest and recharge with paid vacation and holidays. #ISP2024InnovativeTalent #OpportunityOwned

#GDITCareers

#WeAreGDIT

#JET Work Requirements .cls-1{fill:none;stroke:#5b6670;stroke-miterlimit:10;stroke-width:2px} Years of Experience 6 + years of related experience * may vary based on technical training, certification(s), or degree .cls-2{fill:none;stroke:#5b6670;stroke-miterlimit:10;stroke-width:2px} Certification Travel Required Less than 10% .cls-3{fill:none;stroke:#5d666f;stroke-miterlimit:10} Citizenship U.S. Citizenship Required Salary and Benefit Information The likely salary range for this position is $148,750 - $201,250. This is not, however, a guarantee of compensation or salary. Rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range. View information about benefits and our total rewards program. About Our Work We are GDIT. A global technology and professional services company that delivers consulting, technology and mission services to every major agency across the U.S. government, defense and intelligence community. Our 30,000 experts extract the power of technology to create immediate value and deliver solutions at the edge of innovation. We operate across 30 countries worldwide, offering leading capabilities in digital modernization, AI/ML, Cloud, Cyber and application development. Together with our clients, we strive to create a safer, smarter world by harnessing the power of deep expertise and advanced technology. GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.

Job posted: Jul 18, 2024

Expiration date: Jul 18, 2025