Security Controls Assessor

SW Complete

$90K — $130K *
Information Technology
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • 12+ years of experience in security or system engineering with a bachelor's degree in Computer Science/IT Engineering equivalent to 4 years of experience
  • Expertise in multiple technology areas: telecommunications, operating systems, databases, middleware, applications, web servers
  • Strong understanding of TCP/IP and security protocols including their weaknesses
  • Proven ability to assess system vulnerabilities using various methodologies, including penetration testing
  • TS/SCI clearance and U.S. citizenship required
  • Excellent reporting, presentation, and interpersonal skills
  • Ability to think creatively and maintain an updated knowledge of security practices

Responsibilities

  • Conduct verification and validation for security compliance of information systems
  • Analyze design and operational practices for security compliance
  • Identify non-compliance issues and suggest mitigation strategies
  • Conduct on-site evaluations to assess security measures
  • Verify that systems meet established security requirements
  • Perform vulnerability assessments and coordinate penetration testing
  • Draft comprehensive certification reports and process improvement recommendations

Benefits

  • Health insurance and wellness programs
  • Retirement plans and contributions
  • Professional development opportunities
  • Flexible work arrangements
  • Paid time off for vacation and holidays

Full Job Description
Clearance Required: TS/SCI

Other Requirements: U.S. Citizenship

Senior Security Controls Assessor (SCA):
The primary role of personnel in this position will be assessing the overall security compliance of the client's information systems. This will be accomplished through actively analyzing security functions for design weaknesses and technical flaws, determining system vulnerabilities by performing vulnerability assessments, and conducting on-site evaluations.
A senior SCA should possess:
  • The ability to think 'out of the box'
  • Strong presentation, report writing and customer interface skills
  • Familiarity with various operating systems such as Microsoft Windows 2000/2003, NT4, XP, various versions of UNIX (AIX, Solaris, HPUX, etc.), and Linux
  • Detailed knowledge of TCP/IP and other major protocols (i.e. NetBEUI, NETBIOS, IPX/SPX) and the inherent weaknesses of the protocols
  • Understanding of 'hacking' methodology concerning performing a vulnerability assessment
  • The ability to describe a system's avenues of compromise in a network environment and differentiate between various types of network attacks
  • An understanding of a typical secure topology and architecture for a site connected to the Internet (i.e. routers, firewalls, web servers)
  • Understanding of how to read and interpret a network diagram and identify possible security related concerns
  • The ability to keep a robust security skill set current and to work on multiple projects concurrently
FUNCTIONS:
  • Conducts verification and validation for security compliance of all information systems, products, and components
  • Analyzes design specifications, design documentation, configuration practices and procedures, and operational practices and procedures
  • Provides identification of non-compliance of security requirements and possible mitigations to requirements that are not in compliance
  • Conducts on-site evaluations
  • Validates the security requirements of the information system
  • Verifies and validates that the system meets the security requirements
  • Provides vulnerability assessment of the system
  • Coordinates penetration testing
  • Provides a comprehensive verification and validation report (certification report) for the information system
  • Provides process improvement recommendations
  • Assists the Government to draft standards and guidelines for usage

POSITION REQUIREMENTS:
  • Twelve years of related work experience
  • A Bachelor's Degree in Computer Science or IT Engineering may be substituted for four years of experience
  • Experience in security or system engineering in five or more areas, including: telecommunications concepts, operating systems, databases/DBMS, middleware, applications, web-servers, SANS/Netaps, Active Directory, firewalls, and controlled interfaces
  • DoD 8570-1M Change 2 certification
