Security Control Assessor

Peraton seeks a Cloud Security Control Assessor to support the Army Cyber Command (ARCYBER). Location: Alexandria VA/Metro Park near Fort Belvoir VA.

Tasks include:

• Conduct assessments and facilitate risk mitigation planning
• Provide Assessment and Authorization (A&A) for the ARCYBER cloud infrastructure
• Execute a security control assessment plan and update the System Security Plan
• Review vulnerability scans and remediation
• Implement risk management programs by utilizing NIST FISMA HIPAA and PII -- and document solutions
• Monitor the privacy landscape regarding all data (privacy protection classification and residency)
• Assist clients with identifying gaps within existing privacy programs and designing solutions to help address those challenges
• Scan test and validate systems/networks/applications to obtain/maintain an ATO under NIST/FISMA guidelines.

Required:

• Minimum of 12 years experience with BS/BA; Minimum of 10 years with MS/MA; Minimum of 7 years with Ph.D.
• Must have current IAM level III certification (such as CISM)
• Must have knowledge of enterprise solutions across multiple cloud operating environments (JWICS SIPRNET NIPRNET and commercial Internet)
• Must have eMASS ACAS and ISC2 Certified Cloud Computing Professional (CCSP) or CompTIA Cloud experience
• Must have knowledge in the following areas (via skills assessment)
  • Knowledge of computer networking and/or cloud computing concepts and protocols and network security methodologies
  • Knowledge of cyber threats and vulnerabilities in a virtualized environment.
  • Knowledge of cybersecurity principles
  • Knowledge of national and international laws regulations policies and ethics as they relate to cybersecurity
  • Knowledge of risk management framework processes (e.g. methods for assessing and mitigating risk)
  • Knowledge of specific operational impacts of cybersecurity lapses
  • Knowledge of industry methods for evaluating implementing and disseminating Information Technology (IT) security assessment monitoring detection and remediation tools and procedures using standards-based concepts and capabilities
  • Knowledge of cyber defense and vulnerability assessment tools including opensource tools and their capabilities
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality integrity availability authentication non-repudiation)
  • Knowledge of cybersecurity principles used to manage risks related to the use processing storage and transmission of information or data in a cloud environment
  • Knowledge of IT and cloud computing security principles and methods (e.g. firewalls demilitarized zones encryption)
  • Knowledge of known vulnerabilities from alerts advisories errata and bulletins
  • Knowledge of network and/or cloud computing environment security architecture concepts including topology protocols components and principles (e.g. application of defense-in-depth)
  • Knowledge of organizations evaluation and validation requirements
  • Knowledge of penetration testing principles tools and techniques
  • Knowledge of relevant laws policies procedures or governance related to critical infrastructure.
  • Knowledge of Risk Management Framework (RMF) requirements
  • Knowledge of system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting Procedural Language/Structured Query Language PL/SQL and injections race conditions covert channel replay returnoriented attacks malicious code)
  • Knowledge of the Security Assessment and Authorization process
  • Skill in determining how a security and/or cloud computing security system should work (including its resilience and dependability capabilities) and how changes in conditions operations or the environment will affect these outcomes
  • Skill in discerning the protection needs (i.e. security controls) of information systems and networks and those relating to cloud computing
  • Knowledge of IT supply chain security and risk management policies requirements and procedures
  • Knowledge of local specialized system requirements (e.g. critical infrastructure systems that may not use standard IT) for safety performance and reliability
  • Knowledge of new and emerging IT and cybersecurity technologies and/or those technologies specific to cloud computing
  • Knowledge of organizations enterprise and/or cloud computing information security architecture system
  • Knowledge of Personal Identifiable Information (PII) data security standards
  • Knowledge of Personal Health Information (PHI) data security standards
• DoD TS SCI clearance
• U.S Citizenship Required

Preferred

• DoD TS SCI w/poly

Peraton offers enhanced benefits to employees working on this critical National Security program which include heavily subsidized employee benefits coverage for you and your dependents 25 days of PTO accrued annually up to a generous PTO cap and eligible to participate in an attractive bonus plan.

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.