Security Controls Assessor

2018-07-13
ManTech (www.mantech.com)
Other


  full-time   employee   contract


Stafford
Virginia
United States

ManTech International Corporation provides innovative engineering and systems integration services that help our customers solve their toughest, most intractable problems. National defense and homeland security clients depend on our rapid, cost-effective development of adaptable, interoperable, integrated solutions that provide high performance in quick-response scenarios.

ManTech is seeking a Security Controls Assessor to support the Marine Corps Sensitive Compartmented Information (SCI) Enterprise Office (SEO). Responsibilities include the security engineering of enterprise and local systems and servers across multiple security domains.

** This position requires a current DoD TS/SCI clearance **


General Responsibilities:


Stay current with latest DoD, Navy, and Marine Corps IA doctrine


Prepare documentation such as Risk Assessment Report (RAR), System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with government security policies and procedures


Assist the Government to generate and maintain security documentation for system hardware and software, to include System Security Plans, equipment lists, practices, and procedures


Assess the performance of IA security controls based on NIST 800-53A within the IT infrastructure


Identify IA vulnerabilities resulting from a departure from approved procedures and plans


Evaluate potential IA security risks and make recommendations regarding corrective, mitigation, and recovery actions


Oversee that applicable patches are implemented, including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), Intelligence Community Vulnerability alerts (ICVA), technical advisories (TA), and OPDIRs


Research, evaluate, and provide feedback on problematic IA trends and patterns in customer support requirements


Perform system audits to assess security related factors within the IT infrastructure


Review response actions to security incidents


Ensure associated entities are properly maintaining repositories for all system authorization documentation


Should include the ability to identify and analyze security requirements to recommend upgrades, patches, new applications, necessary equipment, and technical support and guidance to users


Participate in the Continuous Monitoring process



Mandatory Skills Requirements:


Shall meet DoD 8570 requirements for IAM III


TS/SCI clearance


Bachelor's Degree (+2 years' experience), Associate's Degree (+4 years' experience), or High School Diploma (+6 years' experience)


Must be familiar with the Risk Management Framework (RMF) process and applicable guidance (NIST 800-53, NIST 800-37, CNSSI 1253, FIPS 199, ICD 503 etc.)


Responsible for ensuring the appropriate operational IA posture is maintained for a system or enclave


Support and assist in the development of system security packages based on current doctrine


Must be familiar with Certification Assessment and all respective events


o Must be familiar with security controls and respective IT infrastructure and capable of correlating applicability, validating compliance/implementation, and working with engineers for mitigations


o Participating in Self-Assessment of system security controls and results documented in SAR in preparation of Event


o Reviewing data in Xacta package to prepare for assessment


o Conducting Certification Assessment


o Reviewing Technical Assessment: (ACAS, SCAP, PPS Verification, STIGs)


o Completing a Security Assess Review for the event


o Generating SCCM data elements, POA&M, SAR, and Risk Assessment Report (RAR) as required


o Publishing a POA&M report, NIST RA, NIST SCCM, SAR, SAR Table and Extensible Documents


o Importing data elements from the ATO letter into Xacta


o Documenting results/deliverable artifacts (results from the SCA audit, STIG Checklists, POA&Ms, reports, scans)


o Documentation uploaded into Xacta for accreditation review


o Experience with Tenable Security Center



Other Skills Preferred:


Knowledge of information security systems and applications for DoD projects


Knowledge of DoD 8510.01


Risk Management Framework (RMF) Process


Intelligence Community Directive (ICD) 503


Intelligence Community Information Technology Systems Security Risk Management


Other Emerging IA policies
