Security Certification Assessor, Senior
SECURITY CERTIFICATION ASSESSOR – LEVEL IV
Candidate MUST HAVE a TS/SCI security clearance in order to be considered.
Our client was recently awarded a program that provides Security and Accreditation Services for the customer on an Enterprise level. They are looking for a Security Certification Assessor to help provide information security Assessment and Authorization (A&A) support throughout a program's lifecycle to the Government facilities processing information. A Security Control Assessor (SCA) is a security professional who provides information security Assessment and Authorization (A&A) support throughout the customer program's lifecycle to both Contractor and Government facilities processing customer information. All Security Control Assessors require relevant technical experience.
Day to Day Responsibilities:
- Review information systems for compliance with applicable DCID, ICD, and NRO directives and guidance, and make recommendations to the USG;
- Provide IS security advice and guidance in accordance with applicable DCID, ICD, and NRO directives and guidance to Government and industry partners for the protection of data at all classification levels including SCI;
- Provide IS technical guidance and support in preparing responses for USG approval to A&A questions asked by Government and industry partners;
- Evaluate and recommend approval, disapproval, or waiver(s) for IS processing national security data at industry and/or Government facilities;
- Support NRO Security's development and implementation of directives and guidance for NRO Information Assurance, Information Technology, and Information Management policies;
- Provide input to NRO for consideration in the promulgation of future NRO IS security policy;
- Support and/or conduct site visits and assessments to inspect and verify IS reports and plans at industrial and Government locations as approved by the Government, and provide a written report for review and approval by the USG;
- Prepare reports and memoranda, to include, but not limited to: Memoranda for the Record (MFR), Memoranda of Agreement (MOA), Authorization To Proceed, and status and technical briefs for review and approval by USG;
- Update data and maintain Government-provided databases with current information about Government and industry IS status and representative contact information.
- Prepare, review, and record notification and status messages to indicate A&A state of systems to system owner or programs in a USG approved format.
- Ensure that appropriate IS security requirements including applicable DCID, ICD, and NRO directives and guidance are addressed and applied and that appropriate documentation is prepared by the system owners or programs. The documentation will be contained in the Security Assessment Package, including, but not limited to the Concept of Operations (CONOPS) Plan, System Security Plans, System Requirements Traceability Matrix, Risk Management Matrix, Test Results, interface control documents, requests for changes, test plans, and other related program security documentation;
- Track completion of the Security Assessment Package and report status;
- Support the preparation of the Security Assessment Report (SAR). The SAR contents include, but are not limited to, the Summary of Assessment results and Authorization Recommendation;
- Review, coordinate, and respond to IS security issues as requested by the Government;
- Perform short term (less than 90 days) CONUS and OCONUS travel to conduct site security inspections when approved by the Government;
- Provide A&A support to the Government for the protection of special programs and tactical operations related activities.
- BS plus 10 years or HS plus 15 years
- IAM III Certification required (CISSP or CISM or GSSLC)
- Ability to simultaneously manage and track multiple large scale systems or programs involved in the A&A process.
- Experience performing information systems assessment and authorization (A&A) as defined in applicable DCID and ICD directives and guidance
- Experience effectively coordinating, managing and tracking A&A activities, systems or programs of industry and Government information systems to meet acquisition milestone requirements
- Expert knowledge of data security administration principles, methods, and techniques
- Requires familiarity with domain structures, user authentication, and digital signatures
- Requires understanding of firewall theory and configuration
- Requires understanding of DHS/DoD policies and procedures, including FIPS 199, FIPS 200, NIST 800-53, DHS 4300A SSH and other applicable policies
- Experience developing and implementing security related directives and guidance for Information Assurance, Information Technology, and Information Management
- Technical knowledge of networks, computer components, power supply technology, RF technology, IR technology, system protocols, and COTS technology.
- System methodologies including: client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers.
- Software integration of COTS and Government Off-the-Shelf (GOTS) products.
- Windows, Linux, Unix, and Mac OS X administration.
- Conducting information system penetration testing and analysis.
- Practical experience configuring and supporting virtualization platforms, including but not limited to, VMware, Xen, Hyper-V.
- Practical experience conducting information system engineering.
- Practical experience conducting system maintenance.
- Detecting and preventing computer security compromises in a networked environment.
- Deployment, validation, and verification of secure VMware, Xen, Hyper-V, and other virtualization platforms.
- Configuration management.
Job Type: Full Time