AddressRequisition Number: 19158
Required Travel: 11 - 25%
Employment Type: Full Time/Salaried/Exempt
Security Clearance: Top Secret
Level of Experience: Senior
This opportunity resides with Live, Virtual, Constructive Solutions, a business group within HII’s Mission Technologies division. As a trusted partner to our military customers, we design, develop and operate systems that bring together service members from across the globe to help you train like you fight, because we understand that preparation requires full coordination—not readiness in piece parts.
Meet HII’s Mission Technologies Division
Our team of more than 7,000 professionals worldwide delivers all-domain expertise and advanced technologies in service of mission partners across the globe. Mission Technologies is leading the next evolution of national defense – the data evolution - by accelerating a breadth of national security solutions for government and commercial customers. Our capabilities range from C5ISR, AI and Big Data, cyber operations and synthetic training environments to fleet sustainment, environmental remediation and the largest family of unmanned underwater vehicles in every class. Find the role that’s right for you. Apply today. We look forward to meeting you.
To learn more about Mission Technologies, click here for a short video: https://vimeo.com/732533072
Summary
Mission Technologies a division of Huntington Ingalls Industries is looking for a qualified individual to fill the role of a Security Control Assessor Representative (SCAR) in Orlando, FL supporting Joint Network Engineering and Emerging Operations (J-NEEO). This role conducts independent comprehensive assessments of the management, operational, and technical Security Controls and control enhancements employed within or inherited by an USAF SAP information technology (IT) system of record to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
What you will do
Designs and implements information assurance and security engineering systems with requirements of business continuity, operations security, cryptography, forensics, regulatory compliance, internal counter-espionage (insider threat detection and mitigation), physical security analysis (including facilities analysis, and security management). Assesses and mitigates system security threats and risks throughout the program life cycle. Validates system security requirements definition and analysis. Establishes system security designs. Implements security designs in hardware, software, data, and procedures. Verifies security requirements; performs system certification and accreditation planning and testing and liaison activities. Supports secure systems operations and maintenance. Core Tasks include:
Develop methods to monitor and measure risk, compliance, and assurance efforts.
Develop specifications to ensure risk, compliance, and assurance efforts conform with security, resilience, and dependability requirements at the software application, system, and network environment level.
Draft statements of preliminary or residual security risks for system operation.
Maintain information systems assurance and accreditation materials.
Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
Assess the effectiveness of Security Controls.
Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Perform security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy.
Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
Plan and conduct security authorization reviews and assurance case development for initial installation of systems and networks.
Verify that application software/network/system security postures are implemented as stated, document deviations, and recommend required actions to correct those deviations.
What you must have
15 years relevant experience with Bachelors in related field; 13 years relevant experience with Masters in related field; 10 years relevant experience with PhD or Juris Doctorate in related field; or High School Diploma or equivalent and 19 years relevant experience.
3+ years of cybersecurity experience with at least one year of experience conducting SCAs under ICD 503/CNSSI 1253 NIST Cybersecurity Framework, Risk Management Framework (RMF), or a similar framework.
Certified Information Assurance Technical (IAT) Level III baseline certification (CASP+CE, CCNP Security, CISA, or CISSP or Associate, GCED, GCIH, or CCSP)
Demonstrated hands-on experience with compliance and vulnerability scanning tools (XACTA, RedSeal, Nessus, Splunk, McAfee ePO, and/or other vulnerability scanners)
Possess a strong understanding of the Assessment and Authorization (A&A) process.
Possess knowledge of Independent Verification & Validation (IV&V) of Security Controls
Possess knowledge of general attack strategies (e.g., MITRE ATT&CK Framework)
Demonstrated knowledge of NISPOM, ICD 503, NIST SP 800-53, ICD 705, and other ICDs as appropriate
Ability to make recommendations to the IC CISO or designee for improving TTPS for better cyber threat protection.
Knowledge of network access, identity, and access management e.g. public key infrastructure (PKI)
Knowledge of network protocols such as Transition Control Protocol/Internet Protocol (TCP/IP), Dynamic Host Configuration, Domain Name System (DNS), and directory Services
US citizen and Top-Secret Security Clearance with eligibility for SCI and SAP.
Preferred Requirements
- B.A. or B.S. in Information Security, Computer Science, or related discipline
- At least 1 year of experience as a Security Control Assessor (SCA) within the past 3 calendar years
- Demonstrated experience writing final reports and defend all findings, including risk or vulnerability, mitigation strategies, and references.
- Experience writing penetration testing Rules of Engagement (ROE), Test Plans, and Standard Operating Procedures (SOP)
- Demonstrated experience conducting security reviews, technical research and provided reporting to increase security defense mechanisms.
- Familiarity with United States Air Force risk management policies/procedures.
Physical Requirements
May require working in an office, industrial, shipboard, or laboratory environment. Capable of climbing ladders and tolerating confined spaces and extreme temperature variances.HII is more than a job - it’s an opportunity to build a new future. We offer competitive benefits such as best-in-class medical, dental and vision plan choices; wellness resources; employee assistance programs; Savings Plan Options (401(k)); financial planning tools, life insurance; employee discounts; paid holidays and paid time off; tuition reimbursement; as well as early childhood and post-secondary education scholarships.
Why HII
We build the world’s most powerful, survivable naval ships and defense technology solutions that safeguard our seas, sky, land, space and cyber. Our diverse workforce includes skilled tradespeople; artificial intelligence, machine learning (AI/ML) experts; engineers; technologists; scientists; logistics experts; and business administration professionals.
Recognized as one of America’s top large company employers, we are a values and ethics driven organization that puts people’s safety and well-being first. Regardless of your role or where you serve, at HII, you’ll find a supportive and welcoming environment, competitive benefits, and valuable educational and training programs for continual career growth at every stage of your career.
Together we are working to ensure a future where everyone can be free and thrive.
Today’s challenges are bigger than ever, and the nation needs the best of us. It’s why we’re focused on hiring, developing and nurturing our diversity. We believe that diversity among our workforce strengthens the organization, stimulates creativity, promotes the exchange of ideas and enriches the work lives of all our employees.
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, physical or mental disability, age, or veteran status or any other basis protected by federal, state, or local law.
Do You Need Assistance?
If you need a reasonable accommodation for any part of the employment process, please send an e-mail to buildyourcareer@hii-co.com and let us know the nature of your request and your contact information. Reasonable accommodations are considered on a case-by-case basis. Please note that only those inquiries concerning a request for reasonable accommodation will be responded to from this email address. Additionally, you may also call 1-844-849-8463 for assistance. Press #3 for HII Mission Technologies.
