Security Controls Assessor
2 weeks ago
Your Impact:
Jacobs is seeking a Security Control Assessor (SCA) Intermediate for a prime contract that is based out of a Columbia, MD office. As SCA Intermediate, you will serve on a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to maintain Authority to Operate compliance for all assigned systems.
The work environment is fast-paced and sometimes involves deadline pressures. The nature of the work requires a high degree of teamwork and cooperation with other members of the staff as well as individuals across the Company and Customers. Our program includes easily available process information and support from others with similar positions across the team.
Plans, coordinates, and integrates all systems engineering tasks adhering to a disciplined systems engineering process throughout all acquisition phases of the assigned subsystem, system or system of systems and approve ATO/IATOs.
Will have the opportunity to work across multiple domains, learning new Cybersecurity tools and techniques to enhance your technical skillset. This is an opportunity to work hand-in-hand with the customer in an exciting and dynamic program.
Responsibilities:
- The SCA Tier 2 will be working within a small and dynamic team to manage the authorizations of multiple systems and networks of various size and complexity. The team will be focused on ensuring ATO compliance for various classified systems.
- Additionally, the SCA will be performing several cybersecurity functions to support the organization to include the following:
- Site Surveys and Interface Technologies
- Vulnerability Assessments, Penetration Testing, and Continuous Monitoring
- Risk Management Framework Services, Certification and Accreditation (RMF CA) support
- Policy Refinement
- Incident Response and Forensic Analysis
- Compliance Review and Oversight Inspection
- Cyber Security Training and Product Development
#divergent
Here’s what you’ll need:
- Experience in certifying information systems using Intelligence Community and/or DoD Assessment and Authorization processes.
- Understanding on how to assess requirements, validate compliance, and develop system security plans for the purpose of authorization by a delegated authorizing official.
- Must have a thorough understanding of systems, networks, and sites that operate under the cognizance of the DoDIIS Cybersecurity program and Joint Special Access Program (SAP) Implementation Guide (JSIG) with knowledge and skills as follows:
- Extensive experience with risk assessment technologies including analyses of the adequacy of implemented security features and research and analysis of security technology.
- Extensive experience in conducting security testing including actual experience as a Test Director with responsibility for recommending accreditation decisions.
- Proficient in the use of VISIO or other drawing software and have extensive experience in the generation of functional logical and physical diagrams from high level depictions to extremely detailed diagrams of networks and site information technology architectures.
- Extensive direct experience with the policies, processes, and methodologies applicable to DoDIIS program and the RMF application.
- Excellent communication skills, both oral and written, to support considerable interface within and outside the areas of responsibility (development of documents, participation in coordination meetings, and site visits, presenting briefings, etc.).
- Knowledge of project management fundamentals and process basic skills for use of PM associated products/tools.
- Experience in applying the Risk Management Framework (RMF) is required for all three tiers.
- Knowledge of encryption algorithms (e.g., internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], triple Data Encryption Standard [3DES]).
- Knowledge of host/network access controls (e.g., access control list).
- Knowledge of incident response and handling methodologies.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusion via intrusion detection technologies.
- Knowledge of network protocols (e.g., Transmission Critical Protocol and Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol (DHCP]), and directory services (e.g., Domain Name System [DNS]).
- Knowledge of network traffic analysis methods.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol and Internet Protocol [TCP/IP], Open System Interconnection model [OSI], Information Technology Infrastructure Library, v3 [ITIL]).
- Knowledge of penetration testing principles, tools, and techniques (e.g., metasploit, neosploit).
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, crosstie scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return oriented attacks, malicious code).
- Knowledge of information technology supply chain security/risk management policies, requirements, and procedures.
- Experience in developing and maintaining the following documents and provide relevant input to Authorizing Officials (AO), and/or their delegate on same:
- Status of Plans of Actions and Milestones (POA&Ms)
- Security Controls Traceability Matrices (SCTMs)
- Risk Assessment Reports (RARs)
- Information System Security Concepts of Operations (CONOPs)
- Security control assessment test plans
- Experience in engaging as a member of the Incident Response Team (IRT):
- Manage, monitor, and review security monitoring data feeds for anomalies
- Coordinate inquiries, threat analysis, containment and eradication with the Security Operations Center (SOC)
- Develop after-action reports for Program Security Officer (PSO) and AO reporting.
- Clearance Required: Active TS/SCI
- Minimum Education: N/A
BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution can replace the Intermediate certification requirement. - Minimum Years of Experience: Four (4) years of related work experience
-
Security Controls Assessor Level III
7 days ago
Columbia, United States Jacobs Solutions Inc. Full timeYour Impact:Jacobs is seeking a Security Controls Assessor (Level 3) for a prime contract that is based out of our Columbia, MD office. Responsibilities: Analyze design specifications, design documentation, configuration practices and procedures, and operational practices and procedures Conduct on-site evaluations Conducts verification and validation for...
-
Security Control Assessor II
7 days ago
District Of Columbia, United States Goldbelt Incorporated Full timeOverview Goldbelt Hawk designs, develops, and implements comprehensive solutions for problem spaces, including computer security, scalable architectures, advanced analytics, artificial intelligence, and network/data center operations. Specializing in local and enterprise-level incident response and forensic analysis, Hawk's personnel deliver threat analysis...
-
Security Control Assessor II
7 days ago
District Of Columbia, United States Goldbelt Incorporated Full timeOverview Goldbelt Hawk designs, develops, and implements comprehensive solutions for problem spaces, including computer security, scalable architectures, advanced analytics, artificial intelligence, and network/data center operations. Specializing in local and enterprise-level incident response and forensic analysis, Hawk's personnel deliver threat analysis...
-
Security Controls Assessor Level III
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact:Jacobs is seeking a Security Controls Assessor (Level 3) for a prime contract that is based out of our Columbia, MD office. Responsibilities: Analyze design specifications, design documentation, configuration practices and procedures, and operational practices and proceduresConduct on-site evaluationsConducts verification and validation for...
-
Sr. Security Controls Assessor
3 weeks ago
Columbia, South Carolina, United States Jacobs Full timeYour Impact: Responsibilities: Conducts verification and validation for security compliance of all information systems, products, and components Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures Provides identification of non-compliance of security requirements and possible...
-
Security Controls Assessor
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact:Jacobs is seeking a Security Control Assessor (SCA) Advanced for a prime contract that is based out of a Columbia, MD office. As SCA Advanced, you will lead a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to maintain...
-
Functional Analyst 2- TS/SCI with Poly
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact:Jacobs is seeking a Functional Analyst 2 for a prime contract that is based out of our Columbia, MD office. Responsibilities: Perform functional analysis to identify critical Cybersecurity tasks required and their interrelationships.Analyze customer/mission needs to determine testing requirements.Identify required resources to enable creation,...
-
Family Development Trainer/Assessor
2 weeks ago
Columbia, United States Central Missouri Foster Care & Adoption Full timeJob DescriptionJob DescriptionSalary: The Central Missouri Foster Care & Adoption Association is a not for profit agency that educates, supports, & advocates for foster, adoptive, & kinship children, youth, & families in central Missouri by offering services & partnering with community & governmental agencies to develop healthy & self-sufficient individuals...
-
Sr. Security Controls Assessor
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact: Responsibilities: · Conducts verification and validation for security compliance of all information systems, products, and components · Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures · Provides identification of...
-
Sr. Security Controls Assessor
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact: Responsibilities: · Conducts verification and validation for security compliance of all information systems, products, and components· Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures · Provides identification of...
-
Designated Authorizing Official 3
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact:Jacobs is seeking a Designated Authorizing Official (DAO) 3 for a prime contract that is based out of our Columbia, MD office.As a DAO3., you will serve on a team that is responsible for the Authorization and Assessment process under the Risk Management Framework (RMF) for new and existing information systems and will be expected to maintain...
-
Armed Security Officer
3 weeks ago
Columbia, United States Soteria Protection And Security Group Full timeJob DescriptionJob DescriptionSeeking Armed Security Officers for part time work in the Columbia, SC area. Minimum 2 years Security experience or Military/ Law Enforcement background. Must be comfortable using deescalation techniques to include verbal commands or soft and hard empty hand control. Ability to be trained to work in different types of Security...
-
Senior Information Security Risk Analyst
2 weeks ago
Columbia, United States Farm Credit Full timeSenior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations, industry standards,...
-
Senior Information Security Risk Analyst
3 days ago
Columbia, United States Farm Credit Full timeSenior Information Security Risk Analyst (Hybrid in Columbia, SC) AgFirst's Senior Information Security Risk Analyst identifies, investigates, analyzes, and recommends information security guidance to ensure bank assets and processes maintain confidentiality, integrity, and availability while assessing against all applicable regulations, industry standards,...
-
Security Architect
3 weeks ago
Columbia, United States RAPS CONSULTING INC Full timeSCOPE OF THE PROJECT: Department of Health and Human Services, 50% remote The MES Core project is a multi-year effort to enable standardized data exchange between numerous internal systems and external data trading partners. MES Core has been in production since 2018 but is continuously expanding to accommodate new systems and evolving business...
-
Information Systems Security Engineer
6 days ago
Columbia, United States Independent Software Full timeJob Description Job Description What you will be doing: Independent Software is seeking an Information Systems Security Engineer, Mid-Level to perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend...
-
Information Systems Security Engineer
1 day ago
Columbia, United States Independent Software Full timeWhat you will be doing: As an Information Systems Security Engineer, Mid-Level you will perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies. Validates and verifies system...
-
Information Systems Security Engineer
1 week ago
Columbia, United States Independent Software Full timeJob DescriptionJob DescriptionWhat you will be doing: As an Information Systems Security Engineer, Mid-Level you will perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established Information Assurance (IA) standards and regulations and recommend mitigation strategies....
-
Information Systems Security Engineer III
3 weeks ago
Columbia, United States Jacobs Full timeYour Impact:Jacobs is seeking a Information Systems Security Engineer LV3 for a prime contract that is based out of our Columbia, MD office. Responsibilities: Participate as the primary security engineering representative on engineering teams for the design, development, implementation, evaluation, and/or integration of secure networking, computing, and...
-
Real Estate Assessor
2 weeks ago
Columbia, United States City Of Hopewell Full timePerforms complex professional work assessing real property in the City, managing the real estate division and services for the City, and related work as apparent or assigned. Work is performed under general direction. Supervision is exercised over all personnel within the division. Supervises real estate division staff, i.e. is responsible for work...
