Security Control Assessor Representative - 19159

Summary

Mission Technologies a division of Huntington Ingalls Industries is looking for a qualified individual to fill the role of a Security Control Assessor Representative (SCA) in Las Vegas, NV supporting Joint Network Engineering and Emerging Operations (J-NEEO). This role is responsible for assessing cybersecurity (confidentiality, integrity, and availability) readiness for assigned systems as part of the Risk Management Framework.  The SCAR candidate must have knowledge of application, system, and network security, technologies, processes, and best practices designed to ensure its availability, integrity, authentication, confidentiality, and non-repudiation.

What you will do

Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Core Tasks include:

• Develop methods to monitor and measure risk, compliance, and assurance efforts.

• Draft statements of preliminary or residual security risks for system operation.

• Maintain information systems assurance and accreditation materials.

• Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.

• Assess the effectiveness of security controls.

• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

• Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.

• Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

• Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.

• Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.

What you must have

• 15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
• 3+ years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
• Certified Information Assurance Technical (IAT) Level III baseline certification (CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP)
• Demonstrated hands-on experience with compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
• Possess a strong understanding of the Assessment and Authorization (A&A) process.
• Possess knowledge of Independent Verification & Validation (IV&V) of security controls
• Possess knowledge of general attack strategies (e.g., MITRE ATT&CK Framework)
• Demonstrated knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate
• Ability to make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection.
• Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI)
• Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services
• US citizen and Top-Secret Security Clearance with eligibility for SCI and SAP.

Preferred Requirements

• B.A. or B.S. in Information Security, Computer Science, or related discipline
• At least 1 year of experience as a Security Control Assessor (SCA) within the past 3 calendar years
• Demonstrated experience writing final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.
• Experience writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP)
• Demonstrated experience conducting security reviews, technical research and provided reporting to increase security defense mechanisms.
• Familiarity with United States Air Force risk management policies/procedures.

Physical Requirements