What are the responsibilities and job description for the Security Control Assessor position at BEAT?
**Job Title:**Security Control Assessor - Intermediate (Information Assurance Support**Services)**
The Information Assurance (IA) Security Administrator - Control Assessor provides enterprise-level cybersecurity compliance and assurance support for the DHA Domain and Directory Services Branch (DDSB). This role ensures that enterprise systems meet DoD Risk Management Framework (RMF) and DHA security requirements through continuous monitoring, control validation, and vulnerability assessment. By performing proactive security assessments, validating controls, and ensuring compliance with RMF and DoD security requirements, this role reduces risk exposure and strengthens the protection of mission-critical healthcare IT systems across the Military Health System.
Conduct vulnerability scans and security control assessments to validate compliance with DoD and DHA cybersecurity policies, STIGs, and IAVM directives.
Maintain and validate asset inventories within ACAS and eMASS, ensuring all enterprise assets are credentialed, scanned, and reported accurately.
Develop and maintain Plan of Action and Milestones (POAandMs) for identified vulnerabilities, providing remediation strategies and tracking progress through closure.
Support the IS accreditation process by preparing risk assessment packages, security documentation, boundary diagrams, and accreditation artifacts.
Evaluate the impact of system modifications and changes, documenting security implications and ensuring updates align with DHA Change Management procedures.
Provide timely reporting of security incidents and violations, escalating findings through DHAs established IA reporting chain.
Collaborate with engineering, administration, and operations teams to integrate IA requirements into system lifecycle activities.
Develops: Weekly and ad-hoc vulnerability scan reports; POAandMs for unremediated vulnerabilities; Risk Assessment packages and security accreditation documentation; eMASS entries, updates, and compliance validation records; Incident reports and corrective action documentation The IA Security Administrator - Control Assessor is critical to DHAs cybersecurity readiness and accreditation posture.
- Location:**San Antonio, TX
- Education:**BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science or military Training or CGRC/CAP or CASP or Cloud or PenTest or Security or GSEC, CISSP
- Certification:**Microsoft Certified: Azure Administrator Associate or Microsoft Certified: Windows Server Hybrid Administrator Associate
The Information Assurance (IA) Security Administrator - Control Assessor provides enterprise-level cybersecurity compliance and assurance support for the DHA Domain and Directory Services Branch (DDSB). This role ensures that enterprise systems meet DoD Risk Management Framework (RMF) and DHA security requirements through continuous monitoring, control validation, and vulnerability assessment. By performing proactive security assessments, validating controls, and ensuring compliance with RMF and DoD security requirements, this role reduces risk exposure and strengthens the protection of mission-critical healthcare IT systems across the Military Health System.
Conduct vulnerability scans and security control assessments to validate compliance with DoD and DHA cybersecurity policies, STIGs, and IAVM directives.
Maintain and validate asset inventories within ACAS and eMASS, ensuring all enterprise assets are credentialed, scanned, and reported accurately.
Develop and maintain Plan of Action and Milestones (POAandMs) for identified vulnerabilities, providing remediation strategies and tracking progress through closure.
Support the IS accreditation process by preparing risk assessment packages, security documentation, boundary diagrams, and accreditation artifacts.
Evaluate the impact of system modifications and changes, documenting security implications and ensuring updates align with DHA Change Management procedures.
Provide timely reporting of security incidents and violations, escalating findings through DHAs established IA reporting chain.
Collaborate with engineering, administration, and operations teams to integrate IA requirements into system lifecycle activities.
Develops: Weekly and ad-hoc vulnerability scan reports; POAandMs for unremediated vulnerabilities; Risk Assessment packages and security accreditation documentation; eMASS entries, updates, and compliance validation records; Incident reports and corrective action documentation The IA Security Administrator - Control Assessor is critical to DHAs cybersecurity readiness and accreditation posture.