Jan 24
Top Secret/SCI
Senior Level Career (10+ yrs experience)
Occasional travel
CI Polygraph
IT - Security
Bethesda, MD (On-Site/Office)
Security Control Assessor
Senior
Bethesda, MD
Job Description
Requirements:
• Bachelor’s degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related discipline.
◦ Four years of additional demonstrated work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing will be accepted in lieu of a bachelor’s degree.
◦ A Master’s degree in an applicable discipline may be substituted for three years of demonstrated work experience.
• Three (3) years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253, NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
◦ One full year of SCA experience within the last three calendar years.
◦ One full year supporting a cloud environment and experience performing security assessments in a cloud environment (AWS, Google, IBM, Azure, and Oracle).
◦ Must meet the Department of Defense (DOD) 8570.01-M baseline certification requirement for Information Assurance Technical (IAT) Level III: CASP+ CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.
◦ Knowledge of Independent Verification & Validation (IV&V) of security controls.
◦ Knowledge of general attack strategies (e.g., MITRE ATT&CK Framework).
◦ Knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate.
◦ Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems (e.g., cloud environments: AWS, Google, IBM, Azure, and Oracle).
Other Requirements:
• Make recommendations to the IC CISO or designee for improving TTPs for better cyber threat protection.
• Knowledge of system and application security threats and vulnerabilities.
• Knowledge of network access, identity, and access management (e.g., public key infrastructure (PKI)).
• Knowledge of network protocols such as Transmission Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
• Ability to assess the robustness of security systems and designs.
• Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Three years of experience performing security assessments in a cloud computing environment.
• Strong writing skills.
• Write final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.
• Report vulnerabilities identified during security assessments.
• Write penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP).
• Conduct security reviews and technical research, and provide reporting to increase security defense mechanisms.
• Travel: domestic and international travel, 0-25%.
group id: 10110693a