Apply on Employer Site

Peraton · 3 weeks ago

Security Control Assessor

Linthicum, MD

Full-time

Onsite

Senior Level

$135K/yr - $216K/yr

6+ years exp

Peraton is a next-generation national security company that drives missions of consequence spanning the globe. They are seeking an experienced Security Control Assessor to conduct assessments, provide authorization for cloud infrastructure, and implement risk management programs.

Information TechnologyRobotics

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

Conduct assessments and facilitate risk mitigation planning

Provide Assessment and Authorization (A&A) for the ARCYBER cloud infrastructure

Execute a security control assessment plan and update the System Security Plan

Review vulnerability scans and remediation

Implement risk management programs by utilizing NIST, FISMA, HIPAA, and PII -- and document solutions

Monitor the privacy landscape regarding all data (privacy, protection, classification, and residency)

Assist clients with identifying gaps within existing privacy programs and designing solutions to help address those challenges

Scan, test, and validate systems/networks/applications to obtain/maintain an ATO under NIST/FISMA guidelines

Qualification

Security Control AssessmentRisk Management FrameworkCybersecurity PrinciplesCloud Computing SecurityActive TS ClearanceIAT Level II CertificationIAM Level III CertificationEMASS ExperienceNetwork Security MethodologiesVulnerability Assessment ToolsSoft Skills

Required

Bachelor's degree in one of the following fields: Computer Science, Cybersecurity, Data Science, Information Systems, Mathematics, Software Engineering, or Information Technology with 8+ years of relevant experience; or Master's with 6+ years of relevant experience. In lieu of a Bachelor's degree in one of these fields of study, candidate must possess a HS Diploma with 12+ years of relevant experience and one of the following active certifications: GMON, Security X/CASP+, CCSP, CISSO, Cloud+, CSSLP, FITSP-D, GCSA, GSEC, CCNP Enterprise, CISM, CISSP-ISSAP, CISSP-ISSEP, GCIA, GDSA, or GICSP

Active TS clearance with SCI eligibility

Active IAT Level II certification (such as CompTIA Security+)

Active IAM level III certification (such as CISM)

Must have knowledge of enterprise solutions across multiple cloud operating environments (JWICS, SIPRNET, NIPRNET, and commercial Internet)

Must have eMASS, ACAS, and ISC2 Certified Cloud Computing Professional (CCSP) or CompTIA Cloud+ experience

Must have knowledge in the following areas: Knowledge of computer networking and/or cloud computing concepts and protocols, and network security methodologies

Knowledge of cyber threats and vulnerabilities in a virtualized environment

Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity

Knowledge of risk management framework processes (e.g., methods for assessing and mitigating risk)

Knowledge of specific operational impacts of cybersecurity lapses

Knowledge of industry methods for evaluating, implementing, and disseminating Information Technology (IT) security assessment, monitoring, detection, and remediation tools and procedures using standards-based concepts and capabilities

Knowledge of cyber defense and vulnerability assessment tools, including opensource tools, and their capabilities

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data in a cloud environment

Knowledge of IT and cloud computing security principles and methods (e.g., firewalls, demilitarized zones, encryption)

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins

Knowledge of network and/or cloud computing environment security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

Knowledge of penetration testing principles, tools, and techniques

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, returnoriented attacks, malicious code)

Knowledge of the Security Assessment and Authorization process

Skill in determining how a security and/or cloud computing security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes

Skill in discerning the protection needs (i.e., security controls) of information systems and networks and those relating to cloud computing

Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard IT) for safety, performance, and reliability

Knowledge of new and emerging IT and cybersecurity technologies and/or those technologies specific to cloud computing