Today
Top Secret/SCI
Mid Level Career (5+ yrs experience)
$155,000
CI Polygraph
IT - Security
Bethesda, MD (On/Off-Site)
Security Control Assessor
Bethesda, MD
Up to $155,000
Required Qualifications:
● Security Clearance: Active Top Secret SCI with Polygraph (CI or FS)
● Education: Bachelor's degree in Computer Engineering, Computer Science, Electrical
Engineering, Information Systems, Information Technology, Cybersecurity, or a closely
related field.
● Alternative Education/Experience: Four additional years of demonstrated experience in
Security Control Assessor (SCA) and Defensive Cyber Operations (DCO) Testing may
substitute for a bachelor's degree. A Master’s degree in a relevant discipline may
substitute for three years of work experience.
● Experience:
● Minimum of three years in cybersecurity, with at least one year conducting SCAs under
frameworks such as ICD 503/CNSSI 1253, NIST Cybersecurity Framework, or Risk
Management Framework (RMF).
● One year of SCA experience within the last three years.
● One year of experience supporting and performing security assessments in cloud
environments (AWS, Google Cloud, IBM, Azure, Oracle).
● Certifications: Must meet the Department of Defense (DOD) 8570.01-M baseline
certification requirements for Information Assurance Technical (IAT) Level III, such as
CASP+CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH, or CCSP.
● Technical Knowledge:
● Proficient in Independent Verification & Validation (IV&V) of security controls.
● Familiar with attack strategies, including the MITRE ATT&CK Framework.
● In-depth knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other relevant
ICDs.
● Skilled in conducting vulnerability scans and identifying vulnerabilities in security
systems, especially in cloud environments (AWS, Google, IBM, Azure, Oracle).
● Understanding of system and application security threats and vulnerabilities.
● Knowledgeable in network protocols (TCP/IP, Dynamic Host Configuration, DNS,
Directory Services) and identity/access management, including PKI.
● Ability to assess the strength and robustness of security systems and designs.
Responsibilities:
● Provide recommendations to the IC CISO or their designee for enhancing Tactics,
Techniques, and Procedures (TTPs) for improved cyber threat protection.
● Conduct and report on security assessments, identifying vulnerabilities and proposing
mitigation strategies.
● Write comprehensive reports, defending all findings related to risks, vulnerabilities, and
recommended mitigation measures.
● Develop and document penetration testing Rules of Engagement (ROE), Test Plans, and
Standard Operating Procedures (SOP).
● Perform security reviews and technical research to enhance security defense
mechanisms.
● Occasional domestic and international travel (up to 25%).
Other Skills:
● Strong writing and communication skills.
● Experience in writing detailed reports on security assessments and vulnerabilities.
Benefits:
● 20 Days PTO
● 11 Federal Holidays
● 401K Match
● Medical, Dental, and Vision Insurance
● Health Savings Account