Apply on Employer Site

Arcfield · 2 months ago

Security Control Assessor (SCA) Professional– Level III

Chantilly, Virginia

Full-time

Onsite

Senior Level, Lead/Staff

8+ years exp

Arcfield is dedicated to protecting the nation through innovations in various fields including cybersecurity. They are seeking a Level III Security Control Assessor (SCA) professional to support Risk Management Framework workflows and perform comprehensive assessments of security controls to ensure their effectiveness.

ConsultingManagement Consulting

Comp. & Benefits

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Review and assess information systems (IS) for compliance with IC, DoD, and ND guidelines

Provide IS security advice and guidance to government and industry partners

Advise Information System Owners (ISO) on confidentiality, integrity, and availability impact values

Offer technical guidance for Authorization and Accreditation (A&A) responses

Evaluate IS threats and vulnerabilities, recommending additional safeguards as needed

Support development and implementation of Customer’s IT-IA-IM policies

Contribute to future Customer IS security policy development

Conduct site visits and assessments, prepare written reports for government approval

Ensure completion of security control assessments for each IS

Support RMF process-related presentations, briefings, and reports

Utilize Customer's RMF system of record for workflow duties and documentation

Track and report on RMF process workflow activities and metrics

Prepare Security Assessment Reports (SARs) and Authorization Recommendations

Collaborate on Plans of Action and Milestones (POAMs) based on assessment findings

Review and approve IS Security Assessment Plans

Address security issues as requested by the government

Support A&A for special programs and tactical operations

Conduct reviews and write reports for ISAP or TISSRs

Verify proper implementation and documentation of security controls in System Security Plans (SSPs)

Assess severity of identified weaknesses and recommend corrective actions

Act as IS liaison between Directorates and Offices

Qualification

TS/SCI clearanceSCA experienceAdvanced IS security skillsCAP certificationCISSP certificationTechnical project managementCloud security experienceEffective report writingTeam coordination

Required

Must possess and be able to maintain a TS/SCI clearance with polygraph

BS 10-12, MS 8-10, PhD 5-7

STEM degree

SCA experience

Certifications: CAP, CASP, CISM, CISSP (or Associate), GSCL, CGRC/CAP, Cloud+, CYSA+, GSEC, PenTest+

Relevant experience in technical project management

Advanced IS security skills and knowledge

Familiarity with IA concepts

Ability to review and recommend vulnerability and risk levels associated with SW and HW products

Practical experience developing and implementing security related directives

Practical experience performing IS' A&A as defined in applicable ICDs and guidance

Practical experience utilizing risk management strategies for IT solutions

Understanding of emerging technologies and their implementation w/in government systems and network environments

Knowledge of IT concepts used in evaluation of security performance and integrity of state-of-the-art applications, communications systems, HW, SW, satellite controls systems, and information processing systems

Understanding of IT systems, SW, and networks

Practical experience assessing security of cloud-based systems including IaaS, PaaS, and/or SaaS deployment

Ability to effectively coordinate A&A activities of industry and government IS' to meet acquisition milestone requirements

Effective technical report and general correspondence writing ability

Ability to manage and track systems or programs involved in A&A process

Experience developing and implementing security related directives and guidance for IT-IA-IM

Experience working with a mixed skill level team to ensure that appropriate knowledge and skill transfer occurs