Security Control Assessor (SCA)
Share
Job Location:
Washington - USA
Monthly Salary:
Not Disclosed
Posted on:
30+ days ago
Vacancies:
1 Vacancy
Job Summary
ASSYST is seeking a Security Control Assessor (SCA) to support our government customer Project based in Washington DC.
This position is contingent upon contract award
Hybrid - Rockville MD / Washington D.C
Responsibilities:
Required Skills:
Applications (may include but not limited to):
This position is contingent upon contract award
Hybrid - Rockville MD / Washington D.C
Responsibilities:
- Configure interpret and identify vulnerabilities or false positives in web application server and database scans.
- Plan and perform security control assessments for ESS customer systems in accordance with NIST SP 800-53 and SP 800-53A using ESS LoB processes and guidance to support authority to operate (ATO) or annual assessment processes. Activities may include interviews documentation reviews physical security walkthroughs and technical vulnerability testing.
- Perform assessments of PCIF facilities and/or OpDivs in accordance with NIST 800-79 requirements for authorization of Personal Identity Verification (PIV) Card Issuers and Derived PIV Credential Issuers (DPCI).
- Assist with identification and recommendation of PCIF Corrective Action Plans (CAPs).
- Identify organizational security weaknesses in personnel controls training incident and emergency response logical and physical security operational security and integrity of software applications and data.
- Develop and deliver reports and presentations communicating findings of security control assessments.
- Conduct vulnerability assessments on networks servers websites and databases to support assessment activities.
- Assess review update and develop documentation to support ESS LoB in security controls assessment activities.
- Provide input for weekly customer status reports and project plans.
- Maintain tools laptops and testing materials.
- Conduct on-site assessments of PCIF facilities across the continental U.S.
- Demonstrate prior experience performing assessments validating and justifying compliance or non-compliance in accordance with NIST guidance FISMA and FISCAM.
Required Skills:
- 58 years of IT security experience performing and configuring information security scans and evaluating system security controls.
- Certifications such as CISSP or equivalent credentials for penetration testing and vulnerability assessment.
- In-depth knowledge of IT security laws directives and policies relevant to Federal government agencies.
- Understanding of security requirements across secured and non-secured environments.
- Familiarity with IT security products (hardware software services) technologies protocols and best practices.
- Experience performing technical evaluations and validating compliance/non-compliance with NIST FISMA and FISCAM for Federal agencies.
- Knowledge of standard security policies and procedures including ensuring testing machines and equipment remain physically secure and accessible only to authorized personnel.
- Excellent written and oral communication skills.
- Hands-on experience with vulnerability scanning and testing using tools for web application testing server scanning and manual system configuration validation.
Applications (may include but not limited to):
- Nmap
- Netcat
- Nipper Studio
- Microsoft Baseline Security Analyzer
- Tenable Nessus
- Security Center
- Wireshark
- Core Impact
- IBM Appscan Standard
- Burp Suite Professional
- Application Security AppDetective Pro
- WebInspect
Key Skills
- Intelligence
- Information Technology Sales
- Accounts
- Auto Parts
- Data Analysis
About Company
Assystem is an international engineering services consulting company based in Paris, France. It resulted from the merger, in 1995, of ATEM and Alphatem. Nowadays, Assystem consists of two divisions, Energy & Infrastructure and Global Product Solutions.
