What are the responsibilities and job description for the Security Control Assessor (SCA) position at ASSYST, Inc.?
ASSYST is seeking a Security Control Assessor (SCA) to support a government customer's project based in Washington, D.C.
This position is contingent upon contract award.
Hybrid - Rockville, MD / Washington, D.C.
Responsibilities:
- Configure, interpret, and identify vulnerabilities or false positives in web application, server, and database scans.
- Plan and perform security control assessments for ESS customer systems in accordance with NIST SP 800-53 and SP 800-53A, using ESS LoB processes and guidance to support authorization to operate (ATO) or annual assessment processes. Activities may include interviews, documentation reviews, physical security walkthroughs, and technical vulnerability testing.
- Perform assessments of PCIF facilities and/or OpDivs in accordance with NIST SP 800-79 requirements for the authorization of Personal Identity Verification (PIV) Card Issuers and Derived PIV Credential Issuers (DPCI).
- Assist with identification and recommendation of PCIF Corrective Action Plans (CAPs).
- Identify organizational security weaknesses in personnel controls, training, incident and emergency response, logical and physical security, operational security, and integrity of software applications and data.
- Develop and deliver reports and presentations communicating findings of security control assessments.
- Conduct vulnerability assessments on networks, servers, websites, and databases to support assessment activities.
- Assess, review, update, and develop documentation to support ESS LoB in security controls assessment activities.
- Provide input for weekly customer status reports and project plans.
- Maintain tools, laptops, and testing materials.
- Conduct on-site assessments of PCIF facilities across the continental U.S.
- Demonstrate prior experience performing assessments that validate and justify compliance or non-compliance in accordance with NIST guidance, FISMA, and FISCAM.
Required Skills:
- 5–8 years of IT security experience performing and configuring information security scans and evaluating system security controls.
- Certifications such as CISSP, or equivalent credentials in penetration testing and vulnerability assessment.
- In-depth knowledge of IT security laws, directives, and policies relevant to Federal government agencies.
- Understanding of security requirements across secured and non-secured environments.
- Familiarity with IT security products (hardware, software, services), technologies, protocols, and best practices.
- Experience performing technical evaluations and validating compliance/non-compliance with NIST, FISMA, and FISCAM for Federal agencies.
- Knowledge of standard security policies and procedures, including ensuring testing machines and equipment remain physically secure and accessible only to authorized personnel.
- Excellent written and oral communication skills.
- Hands-on experience with vulnerability scanning and testing using tools for web application testing, server scanning, and manual system configuration validation.
Applications (may include but not limited to):
- Nmap
- Netcat
- Nipper Studio
- Microsoft Baseline Security Analyzer
- Tenable Nessus
- Tenable SecurityCenter
- Wireshark
- Core Impact
- IBM AppScan Standard
- Burp Suite Professional
- AppDetectivePro (Application Security, Inc.)
- WebInspect