Security Controls Assessor

Secure Innovations Columbia , MD 21045

Posted Yesterday

Education and Clearance

  • BS and 9 Years experience
  • 8570 IAT II (Sec+, CCNA Security)
  • TS/SCI FS poly
Description: This team is built to work with customers preparing for certification and accreditation. They help by tailoring vulnerability scanning tools and automated hardening scripts designed to help take the load off customer working with systems to secure and prepare for certification and accreditation. This team consists of Unix, Windows and Application subject matter experts. They research and gather data to support compliance baselines and security questions.
Day to day activities:
Your day to day duties would include researching and troubleshooting security or compliance related questions. Creating baselines for new and upcoming OS's or applications and creating a test environments to help support testing including modifying audit file variables. Your team would consist of roughly 7-10 individuals.Additionally, duties may include:
Conducting verification and validation for security compliance of all information systems, products, and components.
Working with SCAP and XML data used for security testing.
Analyzing documentation, configuration practices and procedures and operational practices and procedures
Providing identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance.
Providing mock vulnerability assessment of systems
Providing process improvement recommendations
Assisting the government to draft standards and guidelines for usage
Desired skills:
Experience in security testing or security engineering
Experience with Windows or Unix systems
Experience using vulnerability scanning technologies.
Experience working both individually and as a team.
What makes a great employee for this position?
Our best team members consist of knowledgeable system administrators who have taken the next step to learn how to secure their systems. Having knowledge about the baseline system and its configuration settings goes a long way. Working security into a functioning system can be challenging and system administrators have a good understanding of the repercussions hardening a system can have on its functionality.
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Download the
LiveCareer app and find
your dream job anywhere

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Info Security Engineer III Issep Ts/Sci With Polygraph


Posted 7 days ago

VIEW JOBS 12/3/2018 12:00:00 AM 2019-03-03T00:00 Job Description: Upon receiving the requisite funding, the Leidos Defense and Intelligence Group will have a career opening for a TS/SCI with poly cleared Information Systems Security Engineer (ISSE) III on our Leidos led prime contract in Columbia, MD. Program Summary This program is a Leidos sole sourced prime contract responsible for providing Information Assurance (IA) Architecture Analysis and Security Engineering Support for the implementation and fielding of the National Leadership Command Capability in support of Nuclear Command, Control, and Communications (NC3), Continuity of Government (COG), and Senior Leader communications. Job Summary Pending funding, the ISSE III will perform in a consultant like role providing technical knowledge, expertise and advice to our customer. They shall perform, or review, technical security assessments of computing environments to identify points of vulnerability, non-compliance with established IA standards and regulations and recommended mitigation strategies. Primary responsibilities include but are not limited to the following: Validates and verifies system security requirements definitions and analysis and establishes system security design Designs, develops, implements and/or integrates IA and security systems and system components including those for networking, computing and enclave environment to include those with multiple enclaves and with differing data protection/classification requirements Builds IA into systems deployed to operation environments Assist architects and systems developers in the identification and implementation of appropriate information security functionality to ensure uniform application of Agency security policy and enterprise solutions Supports the building of security architectures Enforces the design and implementation of trusted relations among external systems and architecture Assesses and mitigates system security threats/risk throughout the program life cycle Contributes to the security planning, assessment, risk analysis, risk management, certification and awareness activities for system and networking operations Reviews C&A documentation, providing feedback on completeness and compliance of its content Applies system security engineering expertise in one or more of the following: System security design process Engineering life cycle Information domain Cross domain solutions COTS and GOTS cryptographyIdentification, authentication and authorization Systems integration Risk management Intrusion detection Contingency planning Incident handling Configuration control Change management Auditing C&A process Principles of IA (confidentiality, integrity, non-repudiation, availability, and access control) Security testing Support security authorization activities in compliance with DoD Information System Certification and Accreditation Processes and DoD Information Assurance Certification and Accreditation Process (DIACAP) process, the NIST Risk Management Framework (RMF) process, and prescribed DoD business process for security engineering. Qualifications Bachelor of Science Degree from an accredited university in Computer Science, Information Assurance, Information Security System Engineering or related field with a minimum of 20 years of experience as an Information Systems Security Engineer (ISSE) on programs and/or contracts with the customer space. A Masters Degree in Computer Science, Information Assurance, Information Security System Engineering or related field reduces the experience requirement to 18 years. CISSP-ISSEP DoD approved 8570 baseline certification is a firm requirement Additionally, the candidate must also possess the following knowledge, skills and abilities: Expertise in network technology and systems security engineering Experience in identifying, researching, characterizing, and documenting security weaknesses related to operating systems, software applications, firmware, network hardware components, as well as network architecture design and documented policies and procedures. Experience developing and documenting system security requirements and conducting requirements gap analysis. Knowledge of, and practical experience with the NIST Special Publications 800 Series, CNSSI 1253, and DoD 8500. Experience with network technologies and the ability to demonstrate knowledge of network protocols, communications systems and architectures. Should have significant hands on experience implementing security and/or network components, i.e. routers, firewalls, IPS, IDS, etc. Ability to work independently within a schedule and with little direction Strong writing skills. Confidence and ability to present briefing to senior level DoD officials in both prepared briefings and/or in ad hoc discussions .TS/SCI with polygraph required Preferred Qualifications Experience and understanding of active cyber defense techniques, products and architectures Experience or knowledge of cross domain device implementation Experience with virtual desktop environments Experience or knowledge of the Nuclear Command & Control (NC2) community Working knowledge of MS Visio to include development of detailed network diagrams Leidos is a Fortune 500® information technology, engineering, and science solutions and services leader working to solve the world's toughest challenges in the defense, intelligence, homeland security, civil, and health markets. The company's 31,000 employees support vital missions for government and commercial customers. Headquartered in Reston, Virginia, Leidos reported annual revenues of approximately $10.17 billion for the fiscal year ended December 29, 2017. (NYSE: LDOS) All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. Leidos Columbia MD

Security Controls Assessor

Secure Innovations