Principal Security Control Assessor

Job Description

Description

SAIC is seeking a Principal Security Control Assessor that will possess a thorough understanding in a wide range of security tools, techniques and procedures, including the following efforts:

• Identifies cybersecurity vulnerabilities in DOD's NC3 systems and networking assets; determines mission risk and consults with and develops technical recommendations for CC/S/A owners on measures for mitigating cybersecurity risks ensuring delivery of a viable and robust NC3 cybersecurity posture.

• Reviews and evaluates NC3 security reports for cybersecurity issues; develops new methods and techniques to ensure actions are taken to correct and/or mitigate issues on DoD NC3 systems.

• Provides NC3 systems cybersecurity briefings, analysis, and recommendations for implementation to senior leaders as required.

• Analyze NC3 system cybersecurity assessments and findings, de-conflict, and normalize recommendations to senior leaders based upon assessment activities and results sought from varied venues. Provide summary of assessments within 2 days, highlighting newly identified vulnerabilities.

• Drafts, coordinates, and presents mission risk to NC3 missions IAW DoDI 8510.01. Assessments and products will be completed IAW SI 311-02 and will normally be technically accurate and include the most current information available.

• Researches, interprets, and analyzes broad guidance from Chairman Joint Chiefs of Staff (CJCS), Department of Defense (DOD), and other national regulations, policies, and guidelines

• Integrate changing DOD cybersecurity policies and USSTRATCOM NC3 initiatives through updates to Strategic Instructions, input on routine document reviews, and maintaining published guidance to the NC3 community.

• Conduct formal coordination via JSAP (and other methods) for event driven NC3 cybersecurity community tasking's and follow SI 901-02 for coordination and memorandums requiring flag-level signature.

• Maintain USSTRATCOM policies, procedures, methodologies, and the analytical framework to support accomplishment of cybersecurity information system and mission risk assessments for NC3 systems/missions.

• Researches, analyzes and understands the interrelationships between systems within a functional mission area.

• Develops/updates/maintains the analytical framework and methodologies based on higher level guidance to assess mission risk within a functional mission area based on system level impacts.

• Establishes, develops, and maintains effective working relationships and partnerships with Combatant Commands, Services, and Agencies to promote NC3 cybersecurity efforts and USSTRATCOM's NC3 cybersecurity vision.

• Participates in special projects and initiatives and performs special assignments. Identifies the need for special projects and identifies milestones and goals.

• Develops agendas, decision topics, obtains briefings and information papers for meetings.

• Ensures accurate documentation of meeting action items and minutes for Senior Staff review.

Qualifications

Bachelors and 5 years of experience or 9 years of experience in lieu of degree

Clearance required to start: Top Secret/SCI or DoE Q Must be a US citizen required certification compliance:

Three-year' experience working with the DOD cybersecurity major driving policies- DoD 8510.01 (RMF), DoDI 8500 series (Cybersecurity), and CNSSI 1253

Experience in RMF process across the Navy, Air Force, Space Force, and Intelligence cybersecurity communities

Experience creating Plan of Action & Milestones to meet RMF controls, familiarity with eMASS tool, reviewing security artifacts, etc. ,

Three-year' experience as Cybersecurity Analyst on DOD projects and/or systems of similar scope.

DoD-M 8570.1-M certified at all times, with new hires taking no more than 6 months to obtain the relevant certification

Desired Qualifications

One year of experience working with