SCA Cross Domain Solutions (CDS) Analyst
SCA Cross Domain Solutions (CDS) Analyst
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Job Details
Description
Security Control Assessor (SCA) - Cross Domain Solutions (CDS) Analyst
System High is looking for an experienced CDS Analyst to join our team. This role requires a deep understanding of information security principles risk management frameworks (e.g. NIST Risk Management Framework (RMF)) and specific experience with CDS architectures security controls and evaluation methodologies. The SCA will analyze system configurations review documentation conduct testing and provide recommendations to ensure the confidentiality integrity and availability of information traversing different security domains. The individual will work closely with system owners developers security engineers and other stakeholders to identify vulnerabilities assess compliance and support the authorization process for CDS.
The CDS Analyst will perform the following responsibilities:
- Conduct Security Assessments:Plan execute and document comprehensive security control assessments of CDS adhering to established standards policies and procedures (e.g. NIST SP 800-53A CNSSI 1253).
- CDS Expertise:Demonstrate a strong understanding of CDS architectures security mechanisms (e.g. filtering inspection data diodes) and evaluation methodologies specific to cross-domain data transfer.
- Classification Levels:Possess experience in assessing CDS operating at various classification levels (e.g. Unclassified Secret Top Secret SCI SAP) and understand the unique security requirements associated with each level.
- Risk Management:Identify and analyze security risks associated with CDS determine the likelihood and impact of potential vulnerabilities and recommend appropriate mitigation strategies.
- Documentation Review:Thoroughly review system security plans (SSPs) contingency plans incident response plans and other relevant documentation to ensure compliance with security requirements and generate security assessment reports (SARs).
- Testing and Validation:Perform security assessment testing which may include vulnerability scanning penetration testing and security control validation to identify weaknesses and verify the effectiveness of security controls.
- Reporting and Recommendations:Prepare clear concise and comprehensive security assessment reports that document findings risks and recommendations for remediation. Provide technical guidance to system owners and developers on implementing security controls and addressing vulnerabilities.
- Compliance:Ensure CDS comply with applicable security policies standards and regulations including NIST publications DoD directives and other relevant guidelines.
- Collaboration:Collaborate effectively with system owners developers security engineers and other stakeholders to facilitate the security assessment process and promote a strong security posture.
- Continuous Improvement:Stay informed of emerging security threats vulnerabilities and technologies and contribute to the continuous improvement of security assessment methodologies and processes.
- Authorization Support:Support the authorization process for CDS by providing technical expertise reviewing security documentation and participating in security authorization working groups.
- Travel:May require occasional travel to support assessment activities at various locations.
Qualifications
Required Qualifications
- Education:
- A bachelors degree in Computer Science Information Security or a related field; equivalent experience may be considered.
- A bachelors degree in Computer Science Information Security or a related field; equivalent experience may be considered.
- Experience:
- Minimum of 10-15 years of experience in information security with a focus on security assessment and authorization.
- Demonstrated experience assessing CDS isrequired.
- Experience with DoD DSAWG/ISRMC and/or DIA processes for authorizing a CDS is required.
- Experience working with various classification levels (e.g. Unclassified Secret Top Secret) isrequired; SCI and SAP are preferred.
- Experience with the NIST RMF isrequired.
- Certifications:
One or more of the following certifications is highly desirable:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Ethical Hacker (CEH)
- CompTIA Security
- GIAC Security Certifications (e.g. GSEC GCIA GPEN)
- Technical Skills:
- Strong understanding of security principles risk management frameworks and security controls.
- Proficiency in conducting vulnerability assessments penetration testing and security control validation.
- Experience with security assessment tools and technologies (e.g. Nessus Nmap Metasploit).
- Familiarity with operating systems networking protocols and security architectures.
- Knowledge of security hardening techniques and best practices.
- Communication Skills:
- Excellent written and verbal communication skills with the ability to effectively communicate technical information to both technical and non-technical audiences.
- Excellent written and verbal communication skills with the ability to effectively communicate technical information to both technical and non-technical audiences.
- Preferred Qualifications:
- Experience with specific CDS technologies and vendors (e.g. Everfox/Forcepoint Owl Cyber Defense).
- Experience with cloud security assessments.
- Knowledge of security automation and orchestration tools.
- Familiarity with agile development methodologies.
Additional Information
- This job description is not designed to cover or contain all job duties required of the employee. There may be additional activities duties and/or responsibilities that are required for this position that are not listed in this job description.
- In compliance with federal law all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
- System High is a Military friendly employer. Our extensive work on behalf of the U.S. government offers those who have served in uniform an opportunity to continue to serve their country in a new and exciting way while enjoying a successful civilian career.
- System High Corporation is an Equal Opportunity/Affirmative Action Employer. We consider applicants without regard to race color religion age national origin ancestry ethnicity gender gender identity gender expression sexual orientation marital status veteran status disability genetic information citizenship status or membership in any other group protected by federal state or local law.
- Equal opportunity legal notices can be viewed on the following PDFs: EEO is the Law; EEO is the Law Supplement; Pay Transparency Nondiscrimination
Warning: Beware of recruitment scams: System High will never request money or personal purchases during the hiring process. Verify all communications come from a or email address.
Required Experience:
IC
Employment Type
Contract
