Security Certification Assessor Tester Evaluator
SECURITY CERTIFICATION ASSESSOR TESTER EVALUATOR – LEVEL III
Candidate MUST HAVE a TS/SCI security clearance in order to be considered.
Our client was recently awarded a program that provides Security and Accreditation Services for the customer on an Enterprise level. They are looking for a Security Certification Assessor Testers Evaluator in to help provide information security Assessment and Authorization (A&A) support throughout a program' s lifecycle to the Government facilities processing information. A Security Certification and Assessor Tester Evaluator (SCATE) is a security professional who reviews and evaluates Information Systems (IS) and recommends to the Government changes that can improve information confidentiality, integrity, and availability. SCATEs are also responsible for performing security focused services to improve the security posture.
Day to Day Responsibilities:
- Conduct comprehensive evaluations and formal testing of technical and nontechnical IS security features and other safeguards to document a set of system security deficiencies.
- Provide support to System Assessment and Authorization activities by conducting unaccompanied and/or team penetration testing on Information Systems.
- Conduct reviews of assessment artifacts (Assessment Test Plans, System Security Plans, Security Requirements Traceability Matrix, etc.) within the time allotted in NRO Assessment and Authorization process.
- Prepare standardized System Assessment reports within the time allotted in customer Assessment and Authorization process.
- Prepare assessments on hardware and software to document any security vulnerabilities that would be introduced to the customer by using this hardware or software, for review and approval by the USG within the time frame requested.
- Review IT and Security related policies to ensure they are technically accurate and make recommendations to the USG.
- Participate in discussions at the system engineering level to enhance the security of the customer’ s networks.
- Provide technical support in investigating and minimizing real or potential damage resulting from security incidents with USG approval.
- Research, evaluate, integrate, recommend and/or distribute IS security tools and associated documentation required for the assessment and authorization (A&A) process as approved by the USG.
- Investigate, specify, and recommend materials, software, and equipment to the Government that will enhance the capabilities of the Government' s Technical Laboratory.
- Install, configure, maintain, document, and manage all TSB internal IT systems and networks to include software and equipment. Management of the systems includes completion and updates of all required C&A documentation.
- Participate in test-bed efforts to enhance the security of the customer’ s networks.
- Perform technical security assessments of IT systems and networks as part of joint Government security reviews (include but not necessarily limited to, Technical information System Security Review (TISSR) and the customer’ s Security Assessment Program.
- BS, plus 8 years IT experience
- Requires a CISSP certification
- Certification and accreditation (C&A) and/or assessment and authorization (A&A).
- DCID 6/3 and/or lCD 503 for the Government' s C&A or A&A process.
- Practical experience conducting information system penetration testing and analysis.
- Practical experience conducting Independent Validation and Verification (IV&V) security testing.
- Practical experience configuring and supporting operating systems, including but not limited to, Windows, Linux, Unix, Mac OS.
- Integration testing.
- Technical knowledge of networks, computer components, power supply technology, RF technology, IR technology, system protocols, and COTS technology.
- System methodologies including: client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers.
- Software integration of COTS and Government Off-the-Shelf (GOTS) products.
- Windows, Linux, Unix, and Mac OS X administration.
- Conducting information system penetration testing and analysis.
- Practical experience configuring and supporting virtualization platforms, including but not limited to, VMware, Xen, Hyper V.
- Practical experience conducting information system engineering.
- Practical experience conducting system maintenance.
- Detecting and preventing computer security compromises in a networked environment.
- Deployment, validation, and verification of secure VMware, Xen, Hyper V, and other virtualization platforms.
- Software engineering.
- Program design and implementation.
- Configuration management.
Job Type: Full Time