Security Control Assessor Expert with Security Clearance

Security Control Accessor
Location: Tysons
Core Hours: 9 am - 3 pm
Clearance: CI or FSP
Expert
Job Description:
• Performs all procedures necessary to ensure the safety of information systems assets and to protect systems from intentional or inadvertent access or destruction.
• Evaluates the security controls within network systems to identify vulnerabilities and recommend actions to correct problems working either alone or as part of a team. Ensures integrity of IT systems by identifying and mitigating potential avenues of exploitation including system level attacks and user level attacks.
• Applies experience with RMF, CNSSI 1253, NIST SP 800-53, and NISPOM
• Applies experience with Security Technical Implementation Guides (STIGs) and Security Content Automation Protocol (SCAP) Compliance Checker (SCC)
• Demonstrated experience conducting hands on security testing, analyzing results, documenting risks, and recommending countermeasures
• Demonstrated experience developing risk assessment reports based on review of security plans and interviews with developer/customer assess systems against information assurance policies, regulations and instructions
• Demonstrated experience providing threat analysis based on identified security vulnerabilities
• Develops and documents security evaluation test plans and procedures
• Demonstrated experience testing security architectures of cloud-based systems and applications, identifying vulnerabilities and providing security remediation
• Familiarity with securing Operational Technology (OT), including supervisory control and data acquisition SCADA), distributed control systems DCS), programmable logic controllers (PLCs), and physical access control systems PACSs) while addressing their unique performance, reliability, and safety requirements.
• Familiarity with NIST SP 800-82 "Guide to Operational Technology (OT) Security", to include typical system topologies, common threats and vulnerabilities, methods and techniques for securing OT systems and countermeasures to mitigate associated risk.
• Expertise in conducting risk-based assessments within Operational Technology (OT) systems including the identification of potential threats, vulnerabilities, regulatory compliance, documentation/reporting, and impacts on critical operations
• Deep understanding of various Operational Technology (OT) systems, architectures and components and security assessment tools/resources such as MITRE ATT&CK for Industrial Control Systems and the National Vulnerability Database (NVD)
• BA/BS
• 2+ years of technical related experience
Required Skills:
• Candidates for this position must have performed one full year of Pen Test or Security Control Assessment within the last three years in one following cloud environment (AWS, IBM, Google, Microsoft Azure, or Oracle Cloud).
• Compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
• Strong understanding of the Assessment and Authorization (A&A) process
• Excellent oral and technical writing skills
Desired Certifications: CASP, CCNP Security, CISA, CISSP, GCED, or GCIH