Apavo Corporation · 2 months ago
Security Control Assessor (SCA)
Apavo Corporation is a leader in cybersecurity, providing services to military, defense, and critical infrastructure sectors. The Security Control Assessor (SCA) role involves evaluating the effectiveness of security controls, using various methodologies to identify vulnerabilities, and ensuring compliance with Risk Management Framework (RMF) principles. The SCA will work collaboratively within the organization to support a critical mission in the intelligence community.
Computer & Network Security
Responsibilities
Advise the Information System Owner (ISO) concerning the impact levels for Confidentiality, Integrity, and Availability for the information on systems
Ensure security assessments are completed for each IS
Initiate a POA&M with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR
Evaluate security assessment documentation and provide written recommendations for security authorization to the CISO and AO
Assess proposed changes to Information Systems, their environment of operation, and mission needs that could affect system authorization
Serve as a cybersecurity technical advisor to the CISO and AO under their purview
Be integral to the development of the monitoring strategy. The system-level continuous monitoring strategy must conform to all applicable published DoD enterprise-level or DoD Component-level continuous monitoring strategies
Determine and document in the SAR a risk level for every noncompliant security control in the system baseline
Determine and document in the SAR an aggregate level of risk to the system and identify the key drivers for the assessment. The SCA's risk assessment considers threats, vulnerabilities, and potential impacts as well as existing and planned risk mitigation
Develop the continuous monitoring plan specific to the information system
The SCA is responsible for the RMF deliverables associated with Step 4 of DoD and IC RMF policies for assigned systems. These include, but are not limited to: Security Assessment Plans (SAP) tailored to each system's control requirements; security control assessment input, including narratives for the review of controls and artifacts; Security Assessment Reports (SAR); and ATO recommendations or ATO with Conditions memorandums
Conduct initial remediation actions once a security assessment has been completed to ensure a proper handoff to the ISSM and ISSOs
Assess selected controls in accordance with (IAW) the continuous monitoring strategy
The SCA is expected to have additional duties as assigned in support of corporate cyber security services. Additional details are reviewed in accordance with company policies
Qualifications
Required
Bachelor's Degree in Computer Science or a related technical discipline
Minimum 8-10 years of experience
Must currently possess an active TS/SCI with the ability to obtain and maintain a CI polygraph
DOD 8140 IAM Level II (CAP, CASP, CISM, CISSP, GSLC, CCISO) is required
Strong knowledge of Risk Management Framework (RMF) 800-37 and continuous monitoring 800-137
Expert knowledge of and hands-on experience with FISMA systems, NIST 800-series guidelines, FIPS, Security Assessment & Authorization (SA&A) requirements and processes, continuous monitoring frameworks and their tools, Plan of Action & Milestones (POA&M) policies, vulnerability/patch management, risk management, and project management; proficient with Microsoft products (Word, Excel, PowerPoint)
Proficient with vulnerability and scanning tools and well-versed in interpreting risk posture resulting from assessment reports
Experience in project management and tracking, and the Microsoft suite of office products
Experience assessing cloud-based security authorizations (FedRAMP, AWS, and Azure) and the associated NIST control responsibilities
Experience with SAP/JSIG
Expert in documenting and/or reviewing security materials such as System Security Plans (SSP), Security Assessment Reports (SAR), Security Assessment Plans (SAP), and other documents per NIST 800 guidelines
Effective communication skills to collaborate with cross-functional teams and stakeholders on implementing security measures organization-wide
Strong analytical skills for identifying system vulnerabilities and documenting control remediation recommendations through collaboration on System Impact Analysis and Documented Risk Acceptance
Detail-oriented with the ability to manage multiple tasks and prioritize effectively
Comprehensive knowledge of RMF activities at a senior level (ability to articulate to Executive audiences preferred)
Familiarity with federal regulatory requirements, contractual obligations, and industry standards related to information security
Preferred
Master's Degree preferred
Systems Security Engineering background preferred