Security Control Assessor
Skill Level: Senior
Location: McLean


** MUST HAVE A POLY CLEARANCE TO APPLY**


Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.

Evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems working either alone or as part of a team. Ensures integrity of IT systems by identifying and mitigating potential avenues of exploitation including system level attacks and user level attacks.

• Applies experience with RMF, CNSSI 1253, NIST SP 800-53, and NISPOM
• Applies experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
• Demonstrated experience conducting hands on security testing, analyzing results, documenting risks, and recommending countermeasures
• Demonstrated experience developing risk assessment reports based on review of security plans and interviews with developer/client assess systems against information assurance policies, regulations and instructions
• Demonstrated experience providing threat analysis based on identified security vulnerabilities
• Develops and documents security evaluation test plans and procedures
• Demonstrated experience testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation
   

• BA/BS
• 2+ years of technical related experience
   

• Compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
• Strong understanding of the Assessment and Authorization (A&A) process
• Excellent oral and technical writing skills
• Desired Certifications: CASP, CCNP Security, CISA, CISSP, GCED, or GCIH