Security Control Assessor (SCA)

Springfield, VA

GuidePoint Security LLC


GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

Candidates MUST be U.S. citizens with an active Top Secret clearance to be considered (TS/SCI with polygraph is preferred). This position is not remote.


The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system, determining overall control effectiveness through documentation review, inspections, testing, and interviews. The SCA will assess the severity of weaknesses or deficiencies and recommend corrective actions to address identified vulnerabilities; provide initial mitigation of cybersecurity incidents, support incident investigations, and drive incidents to closure; and assess proposed technology (hardware, software, and firmware) for cybersecurity vulnerabilities.


Assessment of security controls and organizational requirements shall include:

  • Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF). Recommend a format for this document for government approval.
  • Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
  • Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
  • Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
  • Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities via a government agreed format, such as a Help Desk ticket application, electronic mail, memorandum, etc.
  • Shall develop an annual compilation of findings and observations based upon the Security Assessment Reports and Periodic Cybersecurity Assessment Reports or Security Compliance Reports for the fiscal year's assessments. The format shall be recommended for government approval. The compilation shall contain no system names, system identification numbers, government or contractor locations, or individual names.
  • Draft and/or preliminary documents shall be presented in one of the following electronic formats: Microsoft Office version 2007 compatible (.docx, .xlsx, or .pptx) or the standard Portable Document Format (PDF) format. Final and/or approved format shall be determined by the government; may recommend additional formats.
  • Incumbent travel requirements are approximately 30% annually to support critical business needs.

Qualifications

  • Shall have 4 or more years of experience in the validation of security configuration of operating systems.
  • Shall have 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
  • Shall meet the Cyber IT/Cybersecurity Workforce (CSWF) Security Control Assessor (612), Intermediate Level, for SECNAV M-5239.2 compliance.


Travel Requirements:

Travel approximately 30% annually.


Education:

Bachelor's degree from an accredited university; or

Certification:

Certified Authorization Professional (CAP); OR Cisco Certified Network Associate (CCNA) Routing and Switching; OR CompTIA Security+ ce


Desired Qualifications:

  • Strongly desired experience with application of the Defense Information Systems Agency (DISA) Security Technical Implementation Guides.
  • Operating System/Computing Environment certificate for Windows Server 2012 or newer, or for UNIX (Linux (Red Hat), Solaris).
  • Experience with vulnerability scanners.
  • Experience with Cloud technologies.
  • Documented (certificate) RMF training provided by the Intelligence Community or DoD SAP community.
  • Experience with assessing security relevant applications.
  • Experience as a System Administrator, Information System Security Manager, or Information System Security Officer.
  • Experience applying the requirements of the DoD Joint Special Access Program Implementation Guide (JSIG) to information systems or Cybersecurity programs.
  • A cyber credential at the Master proficiency level for specialty area Securely Provision - Risk Management as outlined in SECNAV M-5239.2.
  • Experience with Cross Domain Solutions (CDS).

Security Clearance

This position will require U.S. citizenship and an active DoD Top Secret clearance. Candidate must be willing to obtain and pass a Counterintelligence (CI) Polygraph.

Why GuidePoint?

GuidePoint Security is a rapidly growing, profitable, privately held value-added reseller that focuses exclusively on information security. Since its inception in 2011, GuidePoint has grown to over 700 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 3,000 enterprise-level customers.

Firmly defined core values drive all aspects of the business and have been paramount to the company's success and to establishing an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced, and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks:

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • 100% employer-paid medical and dental premiums with generous employer family contributions
  • 11 corporate holidays in 2022 (12 in 2023) and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Care plan


Tags: Clearance Cloud Compliance CompTIA CSWF DoD Linux Polygraph Red Hat Risk management SAP Security assessment Security Assessment Report Security Clearance Solaris Top Secret Top Secret Clearance TS/SCI UNIX Vulnerabilities Windows

Perks/benefits: Flex hours Flex vacation

Region: North America
Country: United States