Tau Six is Hiring a Security Control Assessor (SCA) (TS/SCI) with Security Clearance - Now Hiring Near Arlington, VA
Join a fast growing agile small company that delivers cutting edge cybersecurity and system integration services to the US National Security market. We are seeking a motivated self-starter with experience in secure information systems to join a team of security professionals and help defend national security systems.

Tau Six, an agile small company delivering cutting edge cybersecurity and systems integration services to the US National Security market, has an immediate need for a Cybersecurity Security Control Assessor (SCA) for a Department of Defense customer. This high-profile contract will assist the DoD with the oversight and management of information technology projects to integrate critical Enterprise services. The ideal candidate will bring excellent cybersecurity and information assurance knowledge to the program coupled with strong communication skills. Candidates must possess thorough understanding of Windows operating systems, cloud technologies, and contemporary networking.

Clearance Required: Top Secret / SCI

Position Description:

The Security Control Assessor (SCA) will conduct and document a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system. Determine the overall control effectiveness through documentation review, inspections, testing and interviews. Provide an assessment of the severity of weakness or deficiencies and recommend corrective actions to address identified vulnerabilities. Provide assessment of proposed technology (hardware, software, and firmware) for Cybersecurity vulnerabilities.

Assessment of security controls and organizational requirements shall include:

- Assessment Package Feedback which focuses on the documentation submitted to support the various steps of Risk Management Framework (RMF). Recommend a format for this document for government approval.
- Security Assessment Report which focuses on the assessment of an information system in support of the authorization determination. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
- Periodic Cybersecurity Assessment Report or Security Compliance Report which focuses on the assessment of a Cybersecurity program at a location. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
- Cybersecurity Incident Reports which focus on documenting Cybersecurity incidents. Shall provide a draft report using the government provided template; may recommend format changes for government consideration.
- Technical Assessment of Hardware, Software, or Firmware. Shall document the technical assessment addressing Cybersecurity vulnerabilities via a government agreed format, such as a Help Desk ticket application, electronic mail, memorandum, etc.

Requirements:

- 4 or more years of experience in the validation of security configuration of operating systems.
- 2 or more years of experience applying Risk Management Framework (RMF) as described in the National Institute of Standards and Technology Special Publications.
- Bachelor’s Degree from an Accredited University.
- Candidates must have extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features across a broad range of technologies.
- Must have extensive experience conducting security testing and providing accreditation recommendations to decision authorities.
- A background and experience with NIST SP800-53, CNSSI 1253, DCID 6/3, JSIG, and/or ICD 503.
- Knowledge of current authorization practices, particularly within the DoD and IC is a must.
- Must have extensive direct experience with the policies, processes, and methodologies in the application of the Risk Management Framework.
- Must have demonstrated knowledge of host and network access control and auditing technologies and methods.
- Must have an understanding of incident response, configuration management, and defense in depth best practices.
- Knowledge of network protocols including TCP/IP, DNS, DHCP, ICMP, etc.
- Understanding of cloud computing technologies a significant plus.
- Strong understanding of both technical and non-technical RMF controls.
- Must have an active TS/SCI clearance with the U.S. Federal Government.