Company: Talentwerx
Address: Los Angeles, CA
Form of work: Full-Time
Category: Information Technology

Job description

Start Date: Immediate  
At TalentWerx, we are focused on partnering with America's top companies to acquire new talent with speed, accuracy, and a differentiated pricing model. We pride ourselves in acquiring top talent to ensure our clients' competitive advantage.  

Our client is a service-disabled, veteran-owned small business (SDVOSB) delivering exceptional strategy and technology integration services to the U.S. Federal Government. We support several Department of Defense (DoD) and Federal Agencies across the CONUS. 

OVERVIEW 
Full-time/Permanent Employee  
Location: Los Angeles Air Force Base (AFB), CA or Colorado Springs, CO
As a Security Control Assessor (SCA) / Information Systems Security Officer (ISSE), you will support information system security engineering activities to ensure security requirements are defined, implemented and tested for complex development, security, and operations (DevSecOps) pipelines for classified cloud systems. You will provide technical input, recommendations, and assistance with the implementation of both higher and granular-level cyber security approaches, methods and solutions that incorporate and maintain compliance with requirements resulting from laws, regulations, and other pertinent guidance. The successful candidate will possess a strategic mindset, excellent communication skills, and the ability to collaborate effectively with cross-functional teams.  
RESPONSIBILITIES
    • Apply cybersecurity risk management framework principles to the development and assessment of secure cloud systems and associated tools and their capabilities.  
    • Conduct assessment and authorization activities to support recommendations to the authorizing official based on requirements, security impact levels and projected operational environment.  
    • Evaluate the threats and vulnerabilities to information systems to ensure Security Controls effectively mitigate the risk of exploits.  
    • Develop Security Assessment Report to support continuous Authorization to Operate determinations.  
    • Conduct and report on independent assessments to verify compliance.  
    • Select and tailor controls from the NIST SP 800-53 control catalog in view of system needs and constraints. 
    • Participate in acquisition meetings (PMR, PDR, CDR, etc.), concept of operation (CONOP) working groups, change boards, technical exchange meetings and other similar activities. 
    • Design and develop security requirements that drive down risk while maintaining operational capability. 
    • Work between architecture-level and implementation-level engineering meetings to maintain a system-wide view of security functions and apply risk mitigation strategies at the appropriate level. 
    • Guide and verify defense contractors' work against program requirements and goals. This includes participating in technical discussions, trade studies and working groups, and conducting research on industry best practices for potential implementation. 
    • Interface with program managers to explain security requirements, risks and mitigations relative to their priorities of cost and schedule to ensure an acceptable risk tolerance. 
    • Evaluate newly identified threats and vulnerabilities to customer information systems to ascertain the need for additional safeguards and develop timely implementation strategies to reduce risk. 
    • Enforce the design and implementation of trusted relationships among external systems and architectures. 
    • Assess proposed changes to customer information systems, their operation environment, and mission needs for impacts to cybersecurity architectures and continued compliance with cybersecurity requirements. 
    • Provide inputs to development teams responsible for designing and developing organizational information systems. 
    • Employ best practices when implementing security requirements for information systems including software engineering methodologies, system/security engineering principles, secure design, secure architecture, and secure coding techniques. 
    • Stay in tune with current and new security technologies and threats to better support the customer in maintaining cybersecurity resilience. 
    • Identify integration issues related to the implementation of new systems within the existing infrastructure; recommend mitigation and/or resolution options as appropriate. 
    • Moderate travel (up to 30%) as required to meet project and schedule needs. 
KEY QUALIFICATIONS
    • Clearance: TS/SCI with SAP Eligibility, and willingness to sit for a CI Poly 
    • Education: Master's Degree in Engineering, Computer Science, Cybersecurity, Networking, or Programming. 
    • Years of Experience: 15 years of relevant DoD/IC or relevant work experience with no less than five total years of experience in an SAP and/or SCI environment, with at least one year of that total being within the past 5 years 
KEY KNOWLEDGE, SKILLS, AND ABILITIES (KSA)
    • Certification in one or more of the following: Certified Information Systems Security Professional (CISSP or CISSP-ISSEP/CISSP-ISSAP), Certified Cloud Security Professional (CCSP), AWS Architect, or other similar cloud technology security certification 
    • Able to demonstrate understanding of cybersecurity needs of systems at varied stages of the Software Development Life Cycle (SDLC).  
    • Firm understanding of the DoD 8500.1-M, DoDM 5205.07, Volume 1, Joint SAP Implementation Guide (JSIG), National Institute of Standards and Technology (NIST) Special Publication 800-53, Intelligence Community Directive (ICD) Number 503.  
    • Excellent oral and written communication skills and ability to clearly translate client technical needs into technical specifications.  
    • Demonstrated ability to complete tasks, drive projects to closure, assimilate and correlate project information in a fast-paced environment.  
    • Demonstrated ability to assess and articulate risk, including to non-technical audiences.  
    • Capable of applying system security engineering expertise to various client programs/processes (e.g., system security design process, engineering life cycle, information domain and cross domain solutions).  
    • Strong research skills and a desire to learn new (emerging OR existing but unfamiliar) technologies such as public and private cloud solutions in multi-level environments.  
    • Strong understanding of the implementation details of end-to-end zero trust architecture solutions.  
    • Strong understanding of DevSecOps implementations in a cloud environment and controls required to support cATO generation.  
    • Demonstrated history of finding unique mitigations to varied systems' security challenges.  
    • Demonstrated technical proficiency in at least one area of security (e.g. communications, networks, embedded systems, software, system testing or assessment, etc.). 
PREFERRED ADDITIONAL QUALIFICATIONS
    • Experience working on-site in a government client environment. 
    • Experience working on DISA Security Technical Implementation Guide (STIG) implementation. 
    • Familiarity with security procedures while working in a SCIF/SAPF environment. 
    • Cloud Security Implementation experience. 
    • Familiarity and experience with NSA requirements for COMSEC. 
    • Experience with the DoD Acquisition Lifecycle and/or Rapid Acquisition / Rapid Delivery 
    • Experience with: Special Access Programs, acquisition programs, software engineering or code review 
    • Experience with Kubernetes 
TalentWerx is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities 
Refer code: 8162161. Talentwerx - The previous day - 2024-02-08 07:51