Job Description13-004 - Security Control Assessor (SCA) ILocation: Los Angeles AFB, CA
Salary: $156,330.35
Position Type: Full-Time
Security Clearance: Active TS/SCI Required
Additional Access: Eligibility for Special Access Program InformationWillingness to Submit to a Counterintelligence Polygraph
Position OverviewSandy Mac Evolution LLC is seeking a highly qualified
Security Control Assessor (SCA) I to support Department of Defense classified information systems at Los Angeles Air Force Base, California.
The selected candidate will conduct comprehensive assessments of management, operational, and technical security controls employed within or inherited by information systems. These assessments will determine whether security controls are implemented correctly, operating as intended, and producing the required security outcomes.
The SCA will identify weaknesses and deficiencies, evaluate their severity, recommend corrective actions, and support authorization decisions for systems operating within Collateral, Sensitive Compartmented Information, and Special Access Program environments.
Key Responsibilities- Conduct independent security control assessments using the Risk Management Framework methodology and the Joint Special Access Program Implementation Guide.
- Provide oversight of the development, implementation, and evaluation of information system security policies and programs.
- Support the integration and assessment of existing SAP network infrastructure.
- Assess management, operational, and technical security controls to determine their effectiveness and compliance with applicable security requirements.
- Advise Information System Owners, Information Data Owners, Program Security Officers, Delegated Authorizing Officials, and Authorizing Officials regarding assessment and authorization matters.
- Review and evaluate system authorization packages and provide recommendations to the Authorizing Official or Delegated Authorizing Official.
- Evaluate information system threats and vulnerabilities to determine whether additional safeguards or mitigating controls are required.
- Advise Government stakeholders regarding Confidentiality, Integrity, and Availability impact levels for information processed by classified systems.
- Ensure security assessments are completed, properly documented, and maintained in accordance with applicable Government policies and guidance.
- Prepare Security Assessment Reports for assigned authorization boundaries.
- Develop and initiate Plans of Action and Milestones based on weaknesses identified during security assessments.
- Review security assessment documentation and provide written recommendations regarding system authorization.
- Present authorization recommendations and submit completed security authorization packages to the appropriate Authorizing Official.
- Evaluate proposed changes to authorization boundaries, operating environments, system configurations, and mission requirements to determine whether continued operation remains appropriate.
- Review and concur with sanitization and media-clearing procedures in accordance with Government policy and guidance.
- Support Government security compliance reviews and inspections.
- Assist with cybersecurity incident response activities and verify that appropriate corrective measures have been implemented.
- Ensure organizations address information security requirements throughout all phases of the System Development Life Cycle.
- Evaluate proposed hardware and software changes to determine their potential security impact on authorization boundaries.
- Assess the effectiveness and implementation of Continuous Monitoring Plans.
- Represent the customer as a member of security inspection and assessment teams.
- Perform additional cybersecurity, assessment, and authorization duties as required.
Required Qualifications- Five to seven years of related cybersecurity, information assurance, or information system security experience.
- Minimum of three years of experience supporting SAP, SCI, or Collateral Information Systems and implementing applicable cybersecurity regulations.
- Prior experience performing duties as an Information System Security Officer and Information System Security Manager.
- Demonstrated experience conducting RMF-based security assessments.
- Experience reviewing authorization packages, security controls, Security Assessment Reports, and Plans of Action and Milestones.
- Knowledge of DoD cybersecurity regulations, classified information system security requirements, and assessment and authorization processes.
- Ability to identify security deficiencies, evaluate risk, and develop clear written recommendations for Government decision-makers.
Desired Qualifications- Previous experience supporting Special Access Program environments.
- Experience applying the Joint Special Access Program Implementation Guide.
- Experience supporting Government compliance inspections, authorization decisions, and continuous monitoring activities.
Education- Bachelor's degree in cybersecurity, information technology, information systems, computer science, or a related discipline.
Four additional years of relevant professional experience may be considered in lieu of a bachelor's degree.
Certification RequirementsThe selected candidate must meet the applicable certification requirements established under DoD Directive 8570.01-M or its current DoD 8140 successor framework.
The candidate must possess or obtain within six months of hire one of the following:
- Information Assurance Technician Level III certification; or
- Information Assurance Manager Level I certification in lieu of IAT Level III.
Security Clearance Requirements- Must possess and maintain an active Top Secret/Sensitive Compartmented Information clearance.
- Must be eligible for access to Special Access Program information.
- Must be willing to submit to a Counterintelligence polygraph.
- Must maintain all required security clearances, accesses, and eligibility throughout employment.
Physical Requirements- Must be able to regularly lift and carry equipment weighing up to 50 pounds.