Feb 28
Secret
Mid Level Career (5+ yrs experience)
IT - Security
Belleville, IL (On-Site/Office)
Electrosoft is seeking a Security Control Assessor Representative (SCA-R) to support our DoD customer at Scott Air Force Base, IL. The SCA-R will independently assess the adequacy and compliance of security controls applied to the agency on behalf of the Government SCA and Authorizing Official (AO). SCA-R personnel will assist Government personnel with the overall responsibility to conduct independent comprehensive assessments of the management, operational, privacy and technical security controls and control enhancements employed within or inherited by an IT system to determine the overall effectiveness of the controls for more than 52 Programs of Record in use across the Enterprise. The SCA-R will collect, provide, and maintain current documentation on authorization processes and procedures.
Duties & Responsibilities:
• Assess, identify, and provide to the Government, for AO approval, a listing of recommended enterprise security controls/enhancements that provide mission assurance for cyber USTRANSCOM terrain systems supporting USTRANSCOM’s mission.
• Provide SME support for RMF activities within and/or outside Enterprise Mission Assurance Support Service (eMASS) or other tools as designated by the Government.
• Provide technical and operational analyses of supporting artifacts and provide risk analysis recommendations to the SCA.
• Perform triage of authorization, POA&M, System Security Plan, System Categorization, and risk acceptance requests using the Govt RMF Artifact Quality Rubric.
• Identify non-compliant submissions, document in the Package Return Report (PRR), and submit them to the Government SCA for approval and signature.
• Review security artifacts provided by program offices or other organizations and assess both technical and functional adequacy of cybersecurity/Information Assurance (IA) controls.
• Perform the Independent Verification and Validation (IV&V) role within eMASS on NIPRNet and SIPRNet, verifying that controls are in-place, operating as intended, producing desired outcomes, and providing feedback to submitters on non-compliant security controls, adequacy of artifacts, and POA&M items, and provide the required PRR as needed.
• Compile Authorization Official package to include risk assessment, required artifacts, and required approval documents to support risk recommendations to the AO in accordance with Government guidance.
• Review and coordinate RMF packages such as categorizations, security plans and POA&Ms for signatures by approved authorities as designated by the Government and IAW suspense assigned by the Government.
• Manage eMASS user accounts (i.e., add, delete, and assign/update roles) for the customer's instance of eMASS per Government direction.
• Track status of checklists and packages from submission through approval or disapproval decision by the AO.
Qualifications/Certifications:
• Minimum of 5 years of related experience
• BA/BS degree from an accredited university
• Requires Active DoD Secret security clearance
• Requires Active IAM-III certification (e.g. CISSP, CISM)
• Thorough understanding and experience with DoD RMF tool eMASS
• Excellent written and verbal communication skills, demonstrating the ability to present material to senior DoD and non-DoD officials.
• Able to communicate effectively with senior leaders and customers to clearly present technical approaches and findings.
• Demonstrated knowledge and understanding of the DoD mission
• Experience with Ports, Protocols, Services Management (PPSM) is desired