Senior Security Control Accessor (Government)

This position requires office presence of a minimum of 5 days per week and is only located at customers site. No relocation is offered.

AT&T Global Public Sector is a trusted provider of secure IP enabled cloud-based network solutions and professional services to theFederal Government. We are dedicated to recruiting developing and empowering a diverse high-performing workforce that is passionate about what they do committed to our shared values and dedicated to our customers mission.

Our team supports the federal government leveraging the Enterprise Infrastructure Solutions (EIS) contract vehicle providing multiple and diverse solutions to streamline simplify reuse rebuild modernize or enhance the governments network. This includes professional services design engineering system architecture installation monitoring solutioning etc. Our customers are widespread agencies in the public sector and intelligence communities.

AT&T has an opening for an Independent Accessor to support the Department of State in Washington D.C. on a 10-year contract charged with performing independent Security Control Assessments (SCA) of all networks under the customers purview inclusive of Unclassified Secret & TS/SCI etc.) The role is inclusive of reviews of all existing security system documentation system security plans current Plan of Action & Milestone (POA&M) and Contingency Plan (CP) while utilizing the automated scanning tools to ensure existing applicable policies and standards currently being used are within the Risk Management Framework (RMF) for National Security Systems. Candidate will be responsible for General Support Systems (GSS) major applications minor applications cross domain solutions and cloud instance. Expectations include not only maintaining but to improve make professional recommendations to improve systems by ensuring confidentiality integrity and availability of the Bureaus systems and network infrasturers.

Job Duties/Responsibilities:

*Maintain the current systems while assessing areas of immediate improvement short-term improvement and long-term improvement.

*Use XACTA or other methods deemed viable

*Perform on-going/constant compliance and vulnerability scanning

*Generate & articulate presentable findings for all levels of management inclusive of Senior Government Officials and/or stakeholders

*Maintain staffing strategy and approach providing the government with appropriately cleared IT security professionals where needed in SCAs functions

*Manage and maintain all systems which shall comply with Intelligence Community Directives (ICDs) and Standards (ICS) DOD and DOS compliance.

*Create maintain and provide a project plan to ensure a repeatable process for assessing systems and delivering standardized deliverable documentation

*Must operate in a manner consistent with the Committee on National Security Systems (CNSSI) Instruction 1254 Risk Management Framework Documentation Data Element Standards and Reciprocity Process for National Security Systems (NSS) dated 8/31/2016 and ensure compliance with all appropriate Intelligence Community; National Institute of Standards and Technology (NIST); and Department of State policies directives and guidelines to include Intelligence Community Directives (ICD) and Standards (ICS).

*Make recommendations regarding opportunities to enhance the security posture of all Department systems.

*Ensure security is thoroughly incorporated into requirements design implementation deployment and operations and maintenance (O&M) of the agencies boundary and associated information system components.

*Provide kick off meetings using power point create timelines define actions being performed and make assignments.

*Validate security controls to assure compliance

*Serve as security knowledge expert as it pertains to confidentiality integrity and availability

*Conduct evaluations verification and analysis review of COTS/GOTS hardware/software for security flaws

*Perform all applicable Compliance scans using the most current DOD Security Technical Implementation Guides (STIGs) and generate a clear concise report.

*Perform all applicable Vulnerability Scans and generate a usable clear and concise report which could be used for senior level government management

*Maintain and advanced familiarity with applicable STIGs industry best practices and/or vendor specific practices for ensuring secure configurations stay up to date with new technologies including educating and briefing on new technological advancements.

*Support testing environments well ahead of schedule for new technologies to be on the latest innovations with forward thinking and strategic future proofing.

*Develop a Security Assessment Report (SAR) to be presented to Senior Leadership and Stakeholders providing information on potential risks and solutions well in advance to assist with budgetary planning and implementation planning or testing.

*Provide Weekly Status Report (WAR)

*Ensure time off/PTO is updated and communicated at all times of staff members

*Transition plan creation submission and performance

*Comprehensive understanding of Cyber Security posture of the bureau

*Maintain billable hours provide burn rate reports adhere to schedules

Required Clearance:

TS/SCI (#tssci)

Required Qualifications:

• Bachelors Degree in a field such as Information Systems Computer Science Engineering Management Informations Systems or related technical field AND 10 years providing independent risk analysis determining assessment criteria and documented recommendations which became standard and/or actionable.
• Minimum 7 years experience as a Security Control Assessor and/or related field
• Comprehensive knowledge of NIST 800 series CNSSI ICDS ICSs RMF and Operation Vulcan Logic (OVL).
• Expert knowledge of Cyber Security best practices
• Expert experience with authoritative risk determinations and recommendations critical for the Authorizing Official (AO) to grant an Authority to Operation (ATO).
• Evidence of independent risk assessments of assigned systems and an authorization recommendation
• Current active security certification CISSP CISA CISM
• Other professional certifications a plus

Desired Qualifications:

• Strong client focus
• Strong presentation skills
• Ability to proactively network and establish relationships
• Be able to work in an office environment with other contractors and balance those relationships

Our Senior Security Control Accessors earn between $98100 - $235000. Not to mention all the other amazing rewards that working at AT&T offers. Individual starting salary within this range may depend on geography experience expertise and education/training.

Joining our team comes with amazing perks and benefits:

• Medical/Dental/Vision coverage
• 401(k) plan
• Tuition reimbursement program
• Paid Time Off and Holidays (based on date of hire at least 23 days of vacation each year and 9 company-designated holidays)
• Paid Parental Leave
• Paid Caregiver Leave
• Additional sick leave beyond what state and local law require may be available but is unprotected
• Adoption Reimbursement
• Disability Benefits (short term and long term)
• Life and Accidental Death Insurance
• Supplemental benefit programs: critical illness/accident hospital indemnity/group legal
• Employee Assistance Programs (EAP)
• Extensive employee wellness programs
• Employee discounts up to 50% off on eligible AT&T mobility plans and accessories AT&T internet (and fiber where available) and AT&T phone

Weekly Hours:

Time Type:

Location:

It is the policy of AT&T to provide equal employment opportunity (EEO) to all persons regardless of age color national origin citizenship status physical or mental disability race religion creed gender sex sexual orientation gender identity and/or expression genetic information marital status status with regard to public assistance veteran status or any other characteristic protected by federal state or local addition AT&T will provide reasonable accommodations for qualified individuals with disabilities.AT&T is a fair chance employer and does not initiate a background check until an offer is made.