Security Control Assessor and System Certification Specialist

Booz Allen Remote, Professional, Scientific and Technical · Full-time · Remote
Posted 1 month ago
Job Description

Function as a System Certification Specialist and Security Control Assessor as part of a team performing Assessment and Authorization (A&A) activities, ensuring National Institute of Standards and Technology (NIST) management, operational, technical, and privacy security control implementation compliance for large, complex DoD information systems. Provide support for executing the full Assessment and Authorization life cycle and risk management functions, measuring risk, examining system documentation, interviewing appropriate system and site personnel, testing system technical security configuration settings, reviewing scan results, Platform IT (PIT), and developing findings reports. Demonstrate subject matter expertise in NIST security guidance and security control assessment (SCA) processes using the NIST Risk Management Framework (RMF).

Requirement(s)

Basic Qualifications:

- 7+ years of experience with providing security guidance and IS validation using NIST, RMF, DoD, and local security policies
- Experience with planning and executing comprehensive Cybersecurity test events, including identifying applicable security controls, analyzing assessment procedures, and identifying and using required tools, including Assured Compliance Assessment Solution (ACAS) or Security Content Automation Protocol (SCAP)
- Experience with providing configuration management (CM) for information system security software, hardware, and firmware and coordinating changes and modifications as an ISSO, ISSM, or Security Control Assessor (SCA)
- Experience in interfacing with information assurance managers, including preparing and reviewing documentation, such as Systems Security Plans (SSPs), Risk Assessment Reports, Certification and Accreditation (C&A) packages, and Plan of Actions and Milestones (POA&Ms)
- Knowledge of NIST Contingency Planning, POA&M management, and DoD continuous monitoring
- Top Secret clearance
- Bachelor's degree in Engineering, Computer Science, or Cybersecurity
- Cybersecurity IAT-Level III, CISSP or CAP Certification

Additional Qualifications:

- Experience with DoD Cybersecurity policies, directives, and DoD STIGs
- Experience with leveraging ACAS, CMRS, and eMASS tools
- Experience with assessing organizational risks and recommending mitigation strategies