Security Control Assessor Test Engineer, Level 3 (Government)

AT&T Chantilly, VA 22022

Posted 2 months ago

AT&T Global Public Sector is a trusted provider of secure, IP enabled, cloud-based, network solutions and professional services to the Federal Government. We are dedicated to recruiting, developing and empowering a diverse, high-performing workforce that is passionate about what they do, committed to our shared values and dedicated to our customers' mission.

Our National Security Team supports the intelligence community, providing, operating and assuring critical voice, video and collaboration services for the full spectrum of operations. The services required by this contract will assist OS&CI in providing the NRO a secure mission environment. The contractor shall provide realistic, innovative information security solutions to accomplish the requirements in addition to program management. The services obtained under this contract shall provide expertise to support information systems security, security control assessments, information assurance engineering, and security control assessments test engineering.

AT&T has an opening for a Security Control Assessor Test Engineer (SCATE), Level 3 to support the National Security Sector by providing subject matter expertise in support of, and participating in, independent assessment activities as part of the Risk Management Framework (RMF) Assessment and Authorization (A&A) process within the NRO. Personnel will be responsible for auditing all entries and artifacts within the A&A database as well as conducting Red/Blue team tests to determine system readiness for their ATO packet submissions.

Job Duties/Responsibilities:

  • Ability to conduct technical testing and evaluation of NRO and Intelligence Community (IC) systems. Tests and evaluations are conducted to ensure all IT technical security requirements are fulfilled in accordance with ICD 503 and the NRO's Risk Management Framework (RMF) process.

  • Assist Program Offices in conducting assessments of the systems they build, referred to as Dry Run testing, providing Independent Verification and Validation (IV&V) testing of the system (Step 4 in the RMF process).

  • Assist in participating in DNI IC community test events, such as DNI's IC Information Technology Environment (ICITE), Commercial Cloud Services (C2S), and the National Security Agency (NSA) GovCloud.

  • Conduct reviews that ensure that all applicable security controls are included and have test cases. The test cases shall be vetted to ensure they are complete and actually test the control to which they are mapped.

  • Ability to test systems that have one (1) "High" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) and a SCA request for ISCB support shall require that ISCB witness the execution of the program's Certification Test Plan (CTP). Additionally, some systems not meeting this threshold might, at management direction, require CTP witnessing. The skill set shall include the ability to conduct both "blue" and "red" team internal and external testing of target systems.

  • Ability to test systems that have two (2) "Highs" in any of the three (3) ICD 503 categories (Confidentiality, Integrity or Availability) (C-I-A) shall require that VRIB witness the execution of the program's Certification Test Plan (CTP) and undergo a Penetration Test event. Additionally, some systems not meeting this threshold might, at management direction, require Full Testing. The skill set shall include the ability to conduct both "blue" and "red" team internal and external testing of target systems.

  • Ability to conduct penetration testing on systems, as determined by management direction.

  • Ability to conduct software review requests (S/WRRs), which consist of researching open source information to ensure that software proposed for use on any enterprise mission systems does not have any security concerns that cannot be mitigated.

  • Ability to support Corporate Product List (CPL) reviews. VRIB conducts security reviews for items prior to addition onto the CPL. These reviews shall consist of a search of open source information to ensure any hardware or software being proposed for acquisition and inclusion on any enterprise or mission systems does not have any security concerns that cannot be mitigated.

  • Ability to conduct In-Depth product reviews. These reviews shall test the requested hardware or software for security vulnerabilities. Product reviews shall include in-depth research into the product as well as hands-on testing. The incumbent will design, document and run the test event. Upon completion of the test event the incumbent shall generate a test report.

  • Ability to operate and maintain the customer test labs and environments as well as reconfigure these environments to support applicable test events.

Required Clearance:

Active TS/SCI, with Poly (#polygraph)

Required Qualifications:

  • Candidates must have a bachelor's degree or higher and 8 years of experience that can be a combination of work history and education.

  • This equates to a bachelor's or higher and 8 years, a master's and 5 years, an associate's and 12 years, or HS and 15 years.

  • Requires CEH as a minimum, and must have a DoD 8570 compliant IASAE I certification (i.e., CASP+ CE, CISSP (or Associate), CSSLP) within 6 (six) months of hire.

Desired Qualifications:

  • ICD 503 and the Government's certification and accreditation process

  • Networks, computer components, system protocols, and COTS technology

  • System methodologies including client/server, web hosting, web content servers, policy servers, directory servers, firewalls, WAN, MAN, LAN, switches, and routers

  • Software integration of COTS and Government Off-the-Shelf (GOTS) products

  • Windows, Linux, Unix, and Mac OS X administration;

  • VMware, Xen, Hyper V and other virtualization platforms.

  • Configuring and supporting Windows, Linux, Unix, Mac OS, and other operating systems

  • Configuring and supporting VMware, Xen, Hyper V and other virtualization platforms

  • Software engineering

  • Program design and implementation

  • Configuration management

  • System maintenance

  • Integration testing

  • Information system engineering

  • Penetration testing and analysis

  • System certification activities and efforts related to system certification and accreditation;

  • Research, development, integration, and distribution of IS security tools and associated documentation;

  • Security procedures for systems and software within area of expertise to ensure consistent security policy implementation;

  • Education relevant to computer engineering, information security, information management, and/or computer science; and

  • Experience in technical project management.

AT&T is an Affirmative Action/Equal Opportunity Employer and we are committed to hiring a diverse and talented workforce. EOE/AA/M/F/D/V

Job ID 2043119 Date posted 10/16/2020

