Are you ready to enhance your skills and build your career in a rapidly evolving business climate Are you seeking a career where professional development is embedded in your employers core culture If so Chenega Military Intelligence & Operations Support (MIOS) could be the place for you! Join our team of professionals who support largescale government operations by leveraging cuttingedge technology and take your career to the next level!
SecuriGence is a wholly owned subsidiary of Chenega Corporation an Alaska Native Corporation based in Anchorage AK. Belonging to the Military Intelligence and Operations Support (MIOS) Strategic Business Unit (SBU) Chronos has a culture rooted in integrity respect and exceptional performance. SecuriGence headquartered in Leesburg VA provides missioncritical services in Cybersecurity Systems Engineering and Integration IT Operations Support Software Development and Program Management.
Job Title: Senior Security Control Assessor (SCA) Location: Arlington Virginia Clearance Level: Top Secret Clearance Summary We deliver essential technology services to our customers in support of their missions to sustain the national security and economic interest of our nation. SecuriGence is seeking a talented Senior Security Control Assessor to help contribute to our success. Come help us solve problems with Innovation Through Intelligence. Duties:
Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality Integrity and Availability for the information on systems.
Ensure security assessments are completed for each IS.
Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR.
Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO.
Assess proposed changes to Information Systems their environment of operation and mission needs that could affect system authorization.
Serve as a cybersecurity technical advisor to the CISO and AO under their purview.
Be integral to the development of the monitoring strategy. The systemlevel continuous monitoring strategy must conform to all applicable published DoD enterpriselevel or DoD Componentlevel continuous monitoring strategies.
Determine and document in the SAR a risk level for every noncompliant security control in the system baseline.
Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCAs risk assessment considers threats vulnerabilities and potential impacts as well as existing and planned risk mitigation.
Develop the continuous monitoring plan specific to the information system.
Required Skills and Experience:
Strong knowledge of Risk Management Framework (RMF) 80037 and continuous monitoring 800137
Expert knowledge and handson experience with FISMA Systems NIST 800series guidelines FIPS Security Assessment & Authorization (SA&A) requirements and processes Continuous Monitoring Framework experience and its tools Plan of Action & Milestones (POA&M) policies and vulnerability/patch management risk management project management proficient with Microsoft products Word Excel PowerPoint.
Proficient with vulnerability and scanning tools and wellversed in interpreting risk posture resulting from assessment reports. Experience in project management and tracking and the Microsoft suite of office products
Experience of assessing cloudbased security authorizations (FedRamp AWS & Azure) as well as the NIST control responsibilities
Experience with SAP/JSIG
Expert with documenting and or reviewing of security materials such as; system security plans (SSP) Security Assessment Report (SAR) and Security Assessment Plan (SAP) and other documents per NIST 800 guidelines.
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.