Security Control Assessor

DB Recruitment Group

Today
Top Secret/SCI
Early Career (2+ yrs experience)
CI Polygraph
IT - Security
Falls Church, VA (On/Off-Site)

Security Control Assessor
McLean, VA
Salary up to $150,000 (commensurate with experience)

Requirements:

Education:
• Bachelor’s degree in Computer Engineering, Computer Science, Electrical Engineering, Information Systems, Information Technology, Cybersecurity, or a closely related discipline.
• Four years of additional work experience in Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing may substitute for a bachelor’s degree.
• A Master’s degree in an applicable discipline can substitute for three years of demonstrated work experience.

Experience:
• Minimum of three years in cybersecurity, with at least one year conducting SCAs under frameworks like ICD 503/CNSSI 1253, NIST Cybersecurity Framework, or Risk Management Framework (RMF).
• At least one full year of recent SCA experience within the last three calendar years.
• One full year of experience in supporting and performing security assessments in cloud environments (AWS, Google, IBM, Azure, and Oracle).

Certifications:
• Must meet Department of Defense (DOD) 8570.01-M baseline certification requirements for Information Assurance Technical (IAT) Level III: CASP+CE, CCNP Security, CISA, CISSP or Associate, GCED, GCIH, or CCSP.

Skills and Knowledge:
• Knowledge of Independent Verification & Validation (IV&V) of security controls.
• Understanding of general attack strategies (e.g., MITRE ATT&CK Framework).
• Familiarity with NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other relevant ICDs.
• Skill in conducting vulnerability scans and identifying vulnerabilities in security systems, especially in cloud environments.
• Expertise in risk-based assessments within Operational Technology (OT) systems, including threat identification, regulatory compliance, and impact analysis on critical operations.
• Deep understanding of OT systems, architectures, components, and security assessment tools/resources like MITRE ATT&CK for Industrial Control Systems and the National Vulnerability Database (NVD).
• Ability to recommend improvements to cyber threat protection tactics, techniques, and procedures (TTPs) to the IC CISO or designee.
• Knowledge of system and application security threats and vulnerabilities.
• Familiarity with network access, identity, and access management (e.g., public key infrastructure [PKI]).
• Understanding of network protocols (e.g., TCP/IP, DNS, DHCP, and directory services).
• Ability to assess the robustness of security systems and designs.
• Understanding of cybersecurity principles and organizational requirements (confidentiality, integrity, availability, authentication, non-repudiation).
• Strong writing skills for documenting and defending findings, mitigation strategies, and reporting vulnerabilities identified during security assessments.
• Experience in writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP).
• Experience in conducting security reviews, technical research, and reporting to enhance security defense mechanisms.
• Travel: Domestic and international, 0-25%

Benefits:
• 20 Days of PTO
• 10 Federal Holidays
• Dental, Vision, and Medical Insurance
• Tuition Assistance
• 401K Match
• Health Savings Account