Security Controls Assessor

ManTech


  full-time   employee   contract

United States

ManTech International Corporation provides innovative engineering and systems integration services that help our customers solve their toughest, most intractable problems. National defense and homeland security clients depend on our rapid, cost-effective development of adaptable, interoperable, integrated solutions that provide high performance in quick-response scenarios.

ManTech is seeking a Security Controls Assessor to support the Marine Corps Sensitive Compartmented Information (SCI) Enterprise Office (SEO). Responsibilities include the security engineering of enterprise and local systems and servers across multiple security domains.

** This position requires a current DoD TS/SCI clearance **

General Responsibilities:

Stay current with latest DoD, Navy, and Marine Corps IA doctrine

Prepare documentation such as Risk Assessment Report (RAR), System Security Plans (SSP), Security Assessment Reports (SAR), and Plan of Action and Milestones (POA&Ms) to ensure compliance with government security policies and procedures

Assist the Government to generate and maintain security documentation for system hardware and software, to include System Security Plans, equipment lists, practices, and procedures

Assess the performance of IA security controls based on NIST 800-53A within the IT infrastructure

Identify IA vulnerabilities resulting from a departure from approved procedures and plans

Evaluate potential IA security risks and make recommendations regarding corrective, mitigation, and recovery actions

Oversee that applicable patches are implemented, including IA vulnerability alerts (IAVA), IA vulnerability bulletins (IAVB), Intelligence Community Vulnerability alerts (ICVA), technical advisories (TA), and OPDIRs

Research, evaluate, and provide feedback on problematic IA trends and patterns in customer support requirements

Perform system audits to assess security related factors within the IT infrastructure

Review response actions to security incidents

Ensure associated entities are properly maintaining repositories for all system authorization documentation

Identify and analyze security requirements in order to recommend upgrades, patches, new applications, necessary equipment, and technical support and guidance to users

Participate in the Continuous Monitoring process

Mandatory Skills Requirements:

Shall meet DOD 8570 requirements for IAM III

TS/SCI clearance

Bachelor's Degree (+2 years' experience), Associate's Degree (+4 years' experience), or High School Diploma (+6 years' experience)

Must be familiar with the Risk Management Framework (RMF) process and applicable guidance (NIST 800-53, NIST 800-37, CNSSI 1253, FIPS 199, ICD 503, etc.)

Responsible for ensuring the appropriate operational IA posture is maintained for a system or enclave

Support and assist in the development of system security packages based on current doctrine

Must be familiar with Certification Assessment and all respective events

o Must be familiar with security controls and respective IT infrastructure and capable of correlating applicability, validating compliance/implementation, and working with engineers for mitigations

o Participating in Self-Assessment of system security controls, with results documented in the SAR in preparation for the Event

o Reviewing data in Xacta package to prepare for assessment

o Conducting Certification Assessment

o Reviewing Technical Assessment (ACAS, SCAP, PPS Verification, STIGs)

o Completing a Security Assess Review for the event

o Generating SCCM data elements, POA&M, SAR, and Risk Assessment Report (RAR) as required

o Publishing a POA&M report, NIST RA, NIST SCCM, SAR, SAR Table and Extensible Documents

o Importing data elements from the ATO letter into Xacta

o Documenting results/deliverable artifacts (results from the SCA audit, STIG Checklists, POA&Ms, reports, scans)

o Documentation uploaded into Xacta for accreditation review

o Experience with Tenable Security Center

Other Skills Preferred:

Knowledge of information security systems and applications for DoD projects

Knowledge of DoD 8510.01

Risk Management Framework (RMF) Process

Intelligence Community Directive (ICD) 503

Intelligence Community Information Technology Systems Security Risk Management

Other Emerging IA policies


