Join our team supporting NASA cyber security in the area of Risk Management and Enterprise Assessment Services.
Our team provides Risk Management services supporting Independent Assessments in accordance with Federal mandates, NIST guidance, and NASA policies and procedures. This includes support to an effective and comprehensive enterprise independent assessment service for NASA information systems, including Operational Technologies and cloud systems.
Security Control Assessor (SCA) Position Description:
- Conduct independent comprehensive assessments of the management, operational, and technical Security Controls and control enhancements employed within or inherited for traditional information technology (IT), operational technology (OT), and mission systems to determine the overall effectiveness of the controls (as defined in NIST SP 800-37)
- Perform security assessment duties including:
- Create a pre-assessment verification checklist and submit to ISO
- Provide verification that System Security Plans (SSPs) to be assessed and audited are ready for an assessment via use of an Agency approved tool
- Create security assessment plan prior to scheduling assessment
- Submit security assessment plan to Information System Owner (ISO) for approval
- Schedule assessments
- Conduct technical and non-technical security assessment
- Create Security Assessment Report (SAR) using agreed upon format
- Schedule and perform system assessment out-brief with ISO
- Attend Authorization To Operate (ATO) brief with Authorizing Official (to be scheduled by ISO)
- Upload all security assessment documentation in the Agency approved tool
- Address any concerns or questions that may be raised by the customer relating to assessments
- Respond to data calls and review policies for applicability to an assessment as requested by the customer
- Create and adhere to assessment Standard Operating Procedures (SOPs) and standardized templates for all tasks agreed upon with the EAS Technical Point of Contact (TPOC) or designee
- Work collaboratively with cross-functional teams to gather necessary information for assessments
- Ensure timely and accurate reporting of assessment results, vulnerabilities, and compliance status
- Collaborate with stakeholders to develop and implement corrective action plans based on assessment findings
- Provide expertise in scaling security measures to meet the unique requirements of diverse IT systems
- Maintain awareness of emerging threats and industry best practices to continually enhance assessment methodologies
- Operate effectively in a fast-paced environment, demonstrating the ability to be proactive and adaptive
- Act as a client-facing representative of the organization, engaging with clients professionally and effectively
Qualifications:
- Bachelor’s degree
- 12 years of relevant experience
- 2 years of hands-on experience in Security Control Assessments
- Proven ability to handle a high volume of assessments, with a focus on program-scale operations
- In-depth knowledge of NIST 800-53/800-30 standards
- Effective communication skills to convey complex security concepts to various stakeholders
- Excellent organizational skills and the ability to manage a rotating schedule of assessments
- Ability to obtain Secret clearance
- Within a 50-mile radius of a NASA facility (https://science.nasa.gov/about-us/nasa-centers)
- Availability for occasional travel (20%)
Nice to Have Qualifications:
- Security control assessments or ISSO, ISSM, ISSE experience.
- Demonstrated proficiency in cloud platforms, with a preference for Google Cloud Platform (GCP)
- Strong expertise in Linux systems and the ability to apply security measures across a diverse range of IT systems
- Supervisory control and data acquisition (SCADA) experience.
- Experience in assessing non-traditional IT systems, particularly in a program-scale context
- Within a 50-mile radius of NASA Ames, Armstrong, Marshall, Stennis, Glenn or KSC (https://science.nasa.gov/about-us/nasa-centers)
Job Type: Full-time
Pay: $120,000.00 - $150,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Employee assistance program
- Flexible spending account
- Health insurance
- Life insurance
- Paid time off
- Professional development assistance
- Vision insurance
Schedule:
- Monday to Friday
Experience:
- Relevant IT: 10 years (Required)
- NIST 800-53/800-30 standards: 5 years (Required)
- IT Security Control Assessments: 2 years (Required)
Security clearance:
- Secret (Preferred)
Ability to Relocate:
- Edwards, CA 93523: Relocate before starting work (Required)
Work Location: Hybrid remote in Edwards, CA 93523