Security Control Assessor



Employer: Castalia Systems LLC
Location: Springfield, VA 22150


Job Description
Candidates will perform security controls assessments that are an integral part of the Assessments and Authorizations process. The contractor shall perform A&A scanning, comprehensive assessment testing, penetration testing, documentation, reporting and analysis requirements. This includes performing dedicated functions for all the Government Customer's missions involved with Assessments and Authorizations or compliance with applicable National Intelligence Community or Department of Defense information system security guidance. 

Tasks Include:
o Perform comprehensive security assessments of identified and applied security controls. Provide summaries of initial assessments in Security Assessment Reports (SAR) that address the technical evaluation and results of assessment, identify weaknesses or deficiencies, and recommend corrective actions for risk mitigation.
o Perform operating system, network, and application security STIG reviews and assess the degree to which a system is compliant.
o Perform host and network based security control assessments, determine residual security risks, prepare assessment test reports, prepare and assess test plans, and provide formal recommendations in support of authorization.
o Perform mobile device and mobile application security reviews and document results of such reviews.
o Provide support to OCIO at internal/external meetings, conferences, and technical exchange meetings, and working groups for all activities with regard to information security and risk management.
o Provide testing support for evaluations, including specific test plans and testing services tailored to the security controls of the systems being tested. The tester will use the Government Customer's accepted tools and techniques, including but not limited to manual testing, web assessment software, vulnerability scanning, pen testing tools, and in-house scripts as approved by the Government Customer. Tests may be conducted either remotely or locally on the systems to ensure compliance and to identify security vulnerabilities, risks, threats and gaps.
o Review and analyze the findings that identify security issues on the system. The contractor shall compile results and findings into a final Security Assessment Report, along with assessments and recommendations for remediation. The final report shall provide analysis for the DAO, Information System Security Engineer (ISSE), and PM for compliance with security controls, remediation, and informational purposes. The report shall comprehensively encompass both technical and non-technical findings, assessments, and recommendations.
o Conduct testing and scanning via Government Customer's accepted techniques and scanning tools, including manually (software and hardware) used either remotely or locally on the systems to evaluate compliance and to identify security vulnerabilities, threats, risks, and gaps. The contractor shall review and analyze the findings that identify security issues on the system. The final report shall provide analysis for the DAO and PM for remediation and informational purposes. The report shall comprehensively encompass both technical and non-technical security compliance results.
o Review security plans, test the documented systems in accordance with applicable policies and guidelines, and document results of the testing; recommend either approval or disapproval of authorization, with rationale supporting the recommendation.
o Assist with providing detailed test plans and conducting security testing of security controls specific to security boundaries, including Cross Domain Solutions (CDS).
o Provide on-site and/or remote testing in support of FISMA through manual testing, vulnerability scans and penetration testing at industrial and the Government Customer's hosted sites both CONUS and OCONUS. Work will be authorized and coordinated by the Government on a trip by trip basis.
o Augment cyber penetration testing activities in the planning, execution, tracking, and reporting of Blue/Red Team Assessments consisting of identifying and exploiting vulnerabilities on the Government Customer's systems.
o Coordinate and conduct Blue Team assessments to identify vulnerabilities and correct weaknesses in the Government Customer's networks. The Blue Team will work cooperatively with Key Components (KCs) to provide notification and make recommendations to mitigate those vulnerabilities and assist in corrective actions.
Education:
Master's degree or equivalent experience in Computer Science, Computer Engineering, Electrical Engineering, or Management Information Systems with emphasis in Information Technology/Information Assurance
Certifications:
CISSP, CISM, CASP, CISA or GSLC certification (CISSP preferred)
Clearance Required: TS/SCI
Location: Springfield, VA; St Louis, MO; Denver, CO
